I believe the project should have a dedicated security spec or document. Based on my previous findings (one, two), I think implementers and users of any implementation should have a chance to be alerted to possible security implications.
Here's a first draft, @roll and others, please feel free to ask back or edit.