> Their internal browser was a custom stripped down 5+ years old Electron or Chromium Embedded Framework monstrosity, begging to be exploited somehow.

While all true, the (correct) choice to only allow signed authenticated URLs effectively killed one of the parts of BakkesMod that I was super excited to use. I don’t think forcing it was the wrong call, I do think not allowing me to bypass the security warning _somehow_ is loathsome.