I will say that a "Critical Security Vulnerability in flyctl, update now: https://bad-link/to/update.zip" tweet will have very serious consequences for a portion of your userbase, despite not directly compromising your own infra.
You could do that yourself today by getting a blue-checked @realFlyDotIo. But there's a paragraph in the article about this, and we know what we would have done had there been any signs of direct attacks on our users.
