If you’re reviewing the code you’re merging, it’s quite simple to see where the security flaws are. Mostly, fine-combing all network calls will cover your buns. There’s additional nuances to look out for, but it’s not as worrisome as you might think with the proper due diligence. I’m sure @calle has that under control!