Yes, i was thinking about that too, it can be even worse if there is some way to do some remote code execution, and it would be very easy to infect a machine, so for example i can upload some malicious file to my blossom server and then make other server pull it from mine... But if im not mistaken the only way to deal with this would be to not set any relay or cdn for discovelability of files, but this will also limit/kill the usability of the server... Maybe nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr can enlighten us more