[mamoulian]

I suspect there are developers out there who haven't kept their secret as secret as it ought to be.

The leak of a JWT secret allows for easier and more severe attacks than the leak of many other secrets.