I would take this document more seriously if they removed the Canadian government logo, I remember in early 2021 how easy it was to exfiltrate passport and other PII from the a certain Quebec gov agency agencies, because they had web apps written in ASP.Net and didn't do proper authorization/authentication measures, so anyone with basic knowledge of curl and python could easily exfiltrate mass amounts of data. People are stupid, they upload sensitive documents (passport info) and other things under the assumption that the government is competent enough to secure their stuff.