Please do not open public GitHub issues or pull requests for security problems.
Security issues in this open-source project can be safely reported to Stripe's Vulnerability Disclosure and Reward Program. Stripe's security team will triage your report and respond according to its impact on Stripe users and systems.