I don't have a good link for Stellar but it's been around for a while, and the Rust creator even worked for them for some time.
Regarding the second point, since it's on the server, wouldn't a vulnerability just mean the server operator might potentially be able to get at the keys, not any random attacker?
Regarding the second point, since it's on the server, wouldn't a vulnerability just mean the server operator might potentially be able to get at the keys, not any random attacker?