The `security.alternate-file-domain` config item has a scary warning, but otherwise the item's description doesn't say much. Perhaps the description could be elaborated or be more specific?
These questions are left unanswered in the description:
1. What kind of vulnerabilities are left open when files are served from the same domain? Is this Phabricator specific?
2. If an install is really "NOT SECURE" without an alternate file domain, how come this is not a setup issue like other important settings? I guess the answer is T2380, but how come you don't have a separate files domain for secure.phabricator.com?
3. Are non-public (on the internet, but with mandatory authentication and no registration) installs affected? Could an angry developer upload a file with an image extension, actually containing some Javascript magic, and send the link to an admin and get admin access?
4. The last sentence in the current description says "Ideally, you should use a completely separate domain name rather than just a different subdomain". Does this mean that a different subdomain is better than nothing?