And so what? Security is important, sure, but there’s nothing wrong with an experiment or side project with full disclosure upfront about its known limitations.

People should be empowered to share and tinker, without feeling like they need to setup a bug bounty program first. Not every GitHub project is a vendor/customer relationship.