@aral @Bossito I mean, the attack vector is protocol/client development - even if they are open source contributions by a big org, the speed of changes can be too much for individual contributors to follow on the side, so the source and development process is effectively controlled only by the big org at some point