[jbaviat]

You are correct, our content security policy is not perfect, and we are gradually improving it. Security is a journey and there is no such thing as perfect security. We are striving to incrementally improve everything we are doing as our team is scaling.

[SahAssar]

My question is: If you talked to a customer and they said "we have around 200 hosts not controlled by us running code and reading data from our systems, is that a problem?" would you say "no, that is totally fine"?

It doesn't need to be perfect, but I think that for a security firm we should be able to do better.