Well, it’s really close in severity: when you can take over the deliverability of their posts to any followers (on any software) that aren’t on the same server, when you can take over where Direct Messages across servers end up, when you can change the public key cached for any remote user and start impersonating S2S traffic, and much more.