Comment 30 for bug 2040137

@eslerm thanks for reporting this upstream, will follow-up to any discussion when I get added.

Just keep in mind that this isn't a vulnerability in upstream edk2 codebase in the strict sense, as it only affects you if you specifically opt-in to certain configurations in your builds. These being insecure should really be documented by upstream to avoid others falling into the trap however.