If the plan is to fix/improve documentation and config comments to mark this as clearly unsafe without additional mitigation, then the announcement process would be to have the OSSN editors draft and publish an OpenStack Security Note detailing the risks. I've subscribed the OSSP's core security reviewers to chime in on any concerns with that option.