Comment 14 for bug 2030976

It sounds like this could also benefit from a larger post-mortem discussion about whether OpenStack wants to discourage treating notifications as a low-risk data stream, maybe with some bold disclaimers/admonitions in documentation and configuration comment blocks. If the community collectively comes to that conclusion, we could consider future such defects as security hardening opportunities rather than privileged information leaks.