The Nexus of Privacy@tokyo_0 that's certainly true: "we can't provide the basics of security because our implementation is too inefficient" is a very weak position.
It seems plausible to me that auth fetch would cause problems for a caching mechanism that was originally written without taking auth fetch into account. It could just be that nobody's looked (yet) at how to make it more efficient. But it could also be that each request from a different account really does require separate checking when auth fetch is turned on in ways that aren't the case when it's turned off. I haven't looked at the code let alone run a profiler so dunno. With Claire's PR turning it on, I guess we'll find out!
All GNU social JP content and data are available under the