Migrated from: https://wikimedia.mingle.thoughtworks.com/projects/multimedia/cards/580
We should do a minimal security review before moving on completely for MediaViewer - what are the possible attack vectors, are they mitigated, what's the information flow with other components.
See Chris' brownbag for inspiration:https://www.mediawiki.org/wiki/Security_for_developers/Architecture