would be great to link specifically to the bad press on composer security, interesting post but not sure yet