Comment 4 for bug 1657139

Tristan, as best as I can tell from a quick review of the code, this is not a vulnerability but an opportunity for hardening. I will request additional review (others on trove-coresec) and update in the next day or two.