Comment by dang

More privacy than security related, in the way you're using those terms. There are a lot of anti-abuse features, for example, that need to stay secret (yes we know, 'security by obscurity' etc., but nobody knows how to secure an internet forum from abuse, so we do what we know how to do). It would be a lot of work to disentangle those features from the backbone of the code. Actually pg used to use a clever 'hooks' design to keep those things separate, but inevitably they bleed into each other.