@bk1e @thomasfuchs It gets worse when according to wikipedia the hashes are right in the urls and therefore PUBLICLY available. And it's md5, which is far from secure...