Our "spoof" version is strictly "as-is".

If you find a vulnerability, please do one of the following:

1. Fix it yourself and wonder why you are auditing a spoof repo.
2. Tell us, and we will probably add a "Known Issue" badge.
3. Ignore it, as PHP is already "secure" by default (this is a joke).