Comment 6 for bug 2024204

So the usage of tools/ua-dev-cloud-config.yaml was clarified and isn't a real threat.
Thanks @Grant

Furthermore the initial bug was filed to have a look at a behavior that has been removed in release 28.1.
Mostly as a "we should look at these things" which Seth (thanks) has done.

I'm unsure about the right state of this now :-/

@Seth
Is there any vector of attack from your analysis left open that we should fix or discuss about?
Or did we actually manage to get them all sorted out and can close this as "was worth the discussion, but there is nothing left to do"?