No, it's not that, and I feel silly for thinking it could be that, because it would require iframe busting on a sandboxed iframe.
I think it has to do with being able to use Medium on a custom domain. I think perhaps Medium validated that the DNS pointed to Medium once and stopped checking.
I think it has to do with being able to use Medium on a custom domain. I think perhaps Medium validated that the DNS pointed to Medium once and stopped checking.