User blog comment:Raumaankidwai/Indirect Eval: Possible Security Vulnerability in KA/@comment-29331244-20150704234141/@comment-24275294-20150709163555

Oh, how did I not think of this when I saw it; KA has no authentication in internal requests, just a ":authority" header. :P