We are using your Stripe token in our backend to get the subscription information, and we also rely on identity verification to make sure that none of your customers can impersonate another one by guessing another Stripe Customer ID (https://docs.pubilling.io/quick-install/identify-verificatio...). Make sense?
Good point, I was trying to make the snippet simpler, since this is not required for Stripe setups, but I agree that this should be more clear. Thanks for the feedback!