Security: Liquid-Surf/css-direct-sso-auth

Security

SECURITY.md

The only security implication known at the moment is that the current module bypasses the consent screen of CSS, which exposes it to potential silent redirection attacks from malicious websites. Such vulnerabilities can lead to unauthorized access or token theft without user awareness. To mitigate this risk, implementing a whitelist within the CSS is recommended, specifying which clients are permitted to authenticate to CSS. While this whitelist configuration is currently a manual process, we plan to enforce it as a robust, immutable default setting in the upcoming iteration.
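One way to express the recommended client whitelist, as an added example that is not code from this repository or from CSS: a frozen allowlist that is checked by exact match before a consent-free login is allowed to redirect. The names `ALLOWED_CLIENTS`, `canonicalHttpsUrl` and `authorizeDirectLogin`, the sample URLs, and the assumption that client IDs and redirect URIs are absolute `https` URLs are all hypothetical.

```javascript
// Added example: hypothetical allowlist check, not wired into CSS.
// All client IDs and redirect URIs below are constructed sample values.
const ALLOWED_CLIENTS = Object.freeze({
  'https://app.example/clientid.jsonld': Object.freeze([
    'https://app.example/callback',
  ]),
});

// Parse an absolute https URL; return its normalized form or null.
function canonicalHttpsUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not an absolute URL
  }
  // Reject non-https schemes, embedded credentials and fragments.
  if (url.protocol !== 'https:' || url.username || url.password || url.hash) {
    return null;
  }
  return url.href;
}

// Decide whether a direct (consent-free) login may proceed.
// Anything not matching an allowlist entry exactly is rejected.
function authorizeDirectLogin(clientId, redirectUri, allowlist = ALLOWED_CLIENTS) {
  const id = canonicalHttpsUrl(clientId);
  const redirect = canonicalHttpsUrl(redirectUri);
  if (id === null || redirect === null) {
    return { allowed: false, reason: 'malformed-or-insecure-url' };
  }
  // Own-property lookup so inherited keys can never match.
  if (!Object.prototype.hasOwnProperty.call(allowlist, id)) {
    return { allowed: false, reason: 'unknown-client' };
  }
  // Exact string comparison: no prefix, suffix or wildcard matching.
  if (!allowlist[id].includes(redirect)) {
    return { allowed: false, reason: 'redirect-uri-not-registered' };
  }
  return { allowed: true, reason: 'allowlisted' };
}
```

Because the consent screen is skipped, this check is the only gate left, so a rejected request should stop with an error rather than fall through to a redirect.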

There aren’t any published security advisories