If you think you have found a vulnerability, please report responsibly. Don't create GitHub issues for security issues. Instead, send an email to cedric dot ronvel at gmail dot com and I will look into it as soon as possible.

A note for bounty hunters: I should mention that I usually prefer to fix security issues by myself, because it could involve rethinking API or fixing it / working around it in a way only an official maintainer can do it. I want to avoid people getting frustrated: don't work on a fix before getting in touch with me.