2021-01-03 UTC
# [Raphael_Luckom] The reason that I bring it up even though I suspect it annoys people is that almost no one else has the right incentives. If you ask the big security teams to do these threat models, they're unlikely to consider "oauth2 creating a monopoly on sign in" to be a _threat_, and their models would end up biased towards infosec at the cost of monopolization.