These are the same guidelines that apply to any public repository I own and maintain, so I can't really make any specific promises considering some of them are one-off things or no longer actively updated.
Having said that, if there's something you think affects security, please avoid reporting it on a public issue; instead, contact me about it privately:
- email: [email protected]
- PGP (if preferred): 6E7C348A716E59FAC9E6D1A04B3896ABA96B3085
I'll do my best to appropriately address your concern.
Thank you!