Dunno man. I'm just a paranoid sysadmin who thinks everything and everyone is out to get him. It definitely doesn't mean I've formally verified all the attack surface i've worried up XD. I do really just wish more devs were even half as concerned about theoretical attacks (especially those that have existed since the birth of TCP/IP, HTTP, and web browsing)