(Disclosure: I'm on Google's security team, and my views on this topic are
informed by what kinds of things we tend to look for in Web frameworks, but
here I don't speak for them, only for myself.)

Beyond those already mentioned, here are some potential security
improvements I'd like to see in Dja

The number of default-generated SECRET_KEYs that can be found publicly on
GitHub alone suggests to me that no, the existence of that page is not
sufficient to protect users from making this mistake.

Deploying to production already requires worrying about things more
complicated than a SECRET_KEY,