As it currently stands, Mainframe is not being used in any serious context. Security bugs should just be reported like a normal issue. If Mainframe, or a derivation of it, were to be actually used for a wiki of some type, then this security policy will be changed.

Open up a PR or a issue on this repository, and set the title to begin with SECURITY:.