I'm a security engineer, I have built things like this, and I made the original comment. A lot of my job revolves around developing automation for security needs.
Also, many of the top 100 domains serve user-generated content (like AWS/S3). Blindly trusting anything from them just because they are big is so woefully misguided it boggles my mind; I seriously doubt that anyone is actually doing what is described in the article.
Idk, I have done security audits for startups and small tech companies. They won't have a security engineer on staff and are "moving fast and breaking things". I've seen things much more misguided than this.
Also, many of the top 100 domains serve user-generated content (like AWS/S3). Blindly trusting anything from them just because they are big is so woefully misguided it boggles my mind; I seriously doubt that anyone is actually doing what is described in the article.