Does Steem have any sort of process for reporting sensitive security vulnerabilities?
I couldn't find any contact info on either the steem.io website or steemit.com and their slack auto-invite bot seems to currently be broken.
Not every bug is appropriate for a public github issue or a writeup on steemit.com ...