nostr:npub175xmk7p9dul7guytswp6gcm0hszw24mzds2r54nup97js8nc54aqdv2fat I think there is risk in folks adding fake actors if they can add arbitrary files to a site, but I'm hoping that querying the webfinger endpoint to verify would help there.

Spoofing https certs and DNS might be a risk though? 🤷