Container and gadget security tokens on the OSE should be encrypted if we ever want to have a hosted version that uses OAuth. The risk of not having encrypted tokens is that a user could spoof the token and make OAuth requests as a user that has already done the OAuth dance.
Container and gadget security tokens on the OSE should be encrypted if we ever want to have a hosted version that uses OAuth. The risk of not having encrypted tokens is that a user could spoof the token and make OAuth requests as a user that has already done the OAuth dance.