I just meant very generally that we (humans) are still struggling to make regular programs secure, we built decades worth of infrastructures (langages, protocols, networks) where security was simply not a concern and we are still reckoning with that.
Jumping head first into an entire new "paradigm" (for lack of a better word) where you can bend a clueless, yet powerful servant to do your evil bidding sounds like a recipe for... interesting times.
"our" - *base users? I only hear about *base apps shipping tokens in client code or not having auth checks on the server, or whatever