I've seen some incidents before where backend frameworks were posted before they had things like authentication ready.