Disclaimer: I am not a security expert, nor a systems expert. The following text is tinted by my understanding and experience, and probably contains mistakes or misunderstandings.
Earlier this year, I accidentally uncovered a flaw in GitHub, Heroku and many other similar providers.