Author here. I wrote this in late March after a billing dispute and sat on it. Then the breach disclosure landed and I kept seeing the same pattern: opt-in safety, "shared responsibility" framing, architecture that doesn't protect customers unless they explicitly ask.
The billing story: my functions defaulted to wall-clock billing, not CPU billing. A dead socket cost me $1,243 over 8 days. The breach story: env vars defaulted to unencrypted. One compromised employee exposed every secret that wasn't explicitly marked sensitive.
I'm not claiming these are the same severity. A breach is orders of magnitude worse. But they're the same architectural decision: the dangerous option is the default, the safe option is opt-in, and when the inevitable happens, the platform points to a doc explaining it was your responsibility.
I spent my weekend rotating keys out of caution. Vercel's email telling me to "take advantage of the sensitive environment variables feature" arrived at 10:02 PM last night while I was writing this post. Wild.
Happy to answer questions about the migration (Part 3). It was not painless.
nahsuhn•1h ago
The billing story: my functions defaulted to wall-clock billing, not CPU billing. A dead socket cost me $1,243 over 8 days. The breach story: env vars defaulted to unencrypted. One compromised employee exposed every secret that wasn't explicitly marked sensitive.
I'm not claiming these are the same severity. A breach is orders of magnitude worse. But they're the same architectural decision: the dangerous option is the default, the safe option is opt-in, and when the inevitable happens, the platform points to a doc explaining it was your responsibility.
I spent my weekend rotating keys out of caution. Vercel's email telling me to "take advantage of the sensitive environment variables feature" arrived at 10:02 PM last night while I was writing this post. Wild.
Happy to answer questions about the migration (Part 3). It was not painless.