Okay fair. I just see it come up in every thread about JWT security, so I felt like I would be Captain Obvious for calling it out.