I’d characterize this as an attack where a mint and a user can collude to entrap another user. In brief, a user can flag to the mint one of their secrets, and when this secret gets swapped or redeemed, a notification occurs. To mitigate this, the receiver of token(secret) should be able to re-blind. I think this should be pretty straightforward operation. Right now we can take the signature: _C transform to C. Any receiver of a token should be able to transform to C_ with an entirely new secret before presenting for redemption.