Comment 5 for bug 1735554

Since we have some consensus this is not a vulnerability in a production-ready feature of any released versions, I've switched the report to public and triaged our security advisory task won't-fix accordingly.