Parse private properties in the config files in your build process, if paranoid. I don’t have use cases where I’m sending the full contents of a config across the network. Each property in a config would be explicitly referenced in the application.
And it’s not like there isn’t any potential problems with some YAML or TOML library you import. Rails Yaml comes to mind.