So everyone should start looking for vulnerabilities in the substack site?

If that's their idea of security...