Because I imagine someone who would expose their mongodb instance to the web would also just terminate HTTPS at the CDN, rendering curryfinger/cloudflare.py useless.
To me it looks like this tool (and cloudflair.py) can only ever find servers which are configured in a very specific way:
* The traffic between server and CDN is encrypted using a valid certificate
* The server's firewall is not properly configured
Apparently there are indeed servers with this configuration, but I just find it odd how someone would go through the trouble of setting up HTTPS (instead of terminating it at the CDN) and then not bother to block traffic from anywhere but the CDN.
For reference, I didn't try any of the more obscure email address features, such as comments or quotation. My address simply has the form [email protected]
1. It doesn't accept my email address. Looks like the pattern is way too strict and doesn't allow any new TLDs.
2. The use-case I most often see Splitwise used for is trips abroad with friends. In this situation, expenses are often recorded while no internet connection is available and synced later. I'm not sure if IOU supports this, I haven't tried it.