Comment 2 for bug 1791973

While I've temporarily triaged this as a potential vulnerability under embargo, it sounds more like something we could discuss and fix in the open as a security-related improvement instead. I'm eager to get more input from Adam, the Keystone core security reviewers and other VMT members on whether they agree.