I skimmed through the report.

- Jumble generally shows users’ NIP-05 and supports WoT filtering, which helps reduce the risk of pubkey impersonation.

- Jumble uses nostr-tools and verifies the signature of every event.

The other security issues mostly relate to DMs, and Jumble doesn’t have DMs.