[2fast4you]

Why would the test dependencies have access to production secrets? They only get installed while developing

[hombre_fatal]

They still get run on a developer’s machine most of the time and are at least installed there where they can run arbitrary code on install. And there are juicy secrets beyond just production server secrets sitting on your laptop.