Yes you should. It will come naturally if you go down the road of separating code from data and properly isolating dev and prod environments, applying principle of least privilege as you do.
.env files for creds are a convenience for dev and testing. They were never supposed to be used for security or carried around with sensitive stuff inside. None of this is new.
The answer is the same: You give it either read-only or its own copy separate from the one you care about.
The requested feature wouldn't be a robust solution here either for the same reasons.
Besides, have you noticed the amount of other amateur-hour bugs anf jank in Codex going for weeks or months without proper resolution? Given that, why would you want and trust their solution here over alternatives, specifically?
Are those things you are personally struggling with (if you are considering quitting open source contribitions wholesale: don't let this make you) or is this a showcase of rationalization?
You can test this locally yourself with mitmproxy, opensnitch, or whatever.
You can try building the (supposedly) open-source apps you use from source.
Everyone opining here should MitM themselves every now and then. If not for your own security then maybe to make sure you're not participating in psyop when opining online and resharing hearsay or old truisms.
> Obviously playing Kasparov on the board requires more planning ability than managing a McDonald's
Not obvious and in fact I think the opposite is way more likely. Chess is well-defined and self-contained in a way that managing a restaurant with fleshy customers never will be.
At what point did/does it start feeling naive to trust the integrity and output of Github Actions on general? Does it feel unlikely that an attacker would be able to get a foothold in that infrastructure?
You are not responding to the debunking of your "Value doesn't have anything to do with utility" claim.
The only relevant thing I can see here is that yes, the volume is too low to provide any sense of untracability for the scenario discussed. It might for paying your VPN subscription.
In this case it does. You can't funnel huge amounts through a coin with usually small volume and market cap and expect any sense of anonymity or privacy. The delta makes it obvious. It would probably be visible via movements on markets too.
For smaller amounts this is not a problem for the same coin and network.
https://radicle.dev
EDIT: https://news.ycombinator.com/item?id=48147603