Today I found out that #secure_mode is not enabled by default on #Mastodon instances.
The Devs say that since that setting only affects public toots, it doesn't really provide extra security at the cost of breaking some APIs. I disagree.
If you are an instance admin, consider enabling it. If you are not, consider boosting this toot.
GitHub thread about this: https://github.com/mastodon/mastodon/issues/18353
@f0x @yair Yeah, GoTo was how I found out about Secure Mode in the first place!