Currently there are many ways a malicious actor could crash the addon. This is often due to malformed messages resulting in some substrings resolving to nil, and then attempting to use them.

An additional point of security consists of checking message authors (currently this is done very rarely), although this could add substantial overhead as well.