I would submit this other similar experiment from YouTuber Vsauce [1] where a machine is trained to react to his subconscious thoughts before he consciously chooses to press a button.
One of the biggest downsides in my opinion is that session invalidation becomes non-trivial. Your best bet (assuming you don't want to do any additional network requests) is to reduce the session length to the smallest amount you (or users, depending) will tolerate and perform some kind of re-authentication; i.e. force a logout and do a fresh login or check if they can get a new token based on the old one transparently. For example, a user changing their password should kill all tokens that are in use immediately for good security. You can't do that with JWT. All tokens will stay valid until they expire.
While I applaud this effort, this will not stop the use of the technology. It will simply steer them to another provider or a custom implementation (on top of AWS if they so choose to) of this now well-understood technology.
I have had issues with playing music via Bluetooth (essentially the volume being too low) and research brought me to the Facebook app being open and closing it fixed it. Facebook is definitely doing funky stuff with audio that it should not be doing.
I think the scenario shadeless was describing is that the author of the PR shouldn't be able to merge but anyone else with write access could. It would be my ideal scenario as well. (You could of course bypass this by doing it in Git if you really needed to.)