Hey,
As a part of my thesis I'm scanning live cosmos-sdk chains for possible vulnerabilities, and one way is using these CodeQL rules. However, I am unsure why using variables called Bech32... is a vulnerability (like this rule suggests).

A more concrete example: this line in the osmosis repo is being flagged as a warning. I cannot seem to figure out why this would be insecure.
Would you mind explaining it a bit?
Thanks!