What would you consider a security vulnerability on a nostr client? What data do you considered public and what data is private? Do you see anything risky to break nostr long term?