If you've found a practical attack or a readily exploitable vulnerability, please report it privately:
For general discussions about security approaches, mitigations, or well-known risks, use the appropriate repository.
Responsible disclosure is appreciated, and reports should be reviewed and responded to within 48 hours.