Well to be fair, even smart people can make mistakes and miss things. But Meteor is open source, so if the person you responded to is going to question the security model, they can look at the actual code and see if there is an issue. That's the best way to prevent security issues, looking at the code for bugs, mistakes, and assumptions.