Create & Fake is a completely self-contained test framework and should not pose any risk for users. The source code itself should contain no passwords or user information.

As a testing solution Create & Fake is not released with production code and any potential vulnerabilities pose little to no risk for users. Thus vulnerabilities can be posted as regular issues and will be worked on as normal. If you feel there is an actual risk, you may instead email createandfaketeam@gmail.com.