I'll freely admit to neither remotely being a security expert nor being completely confident I got the details right from listening to the talk. It really would help if someone from the actual team engaged the community here (or some other appropriate forum)