Documment Threat Models
Branched of from !60 (merged) :
We should think about our thread model (ideally write that down somewhere), find out what entropy we actually need and if we need to add ratelimiting for links with secret tokens. The entropy counts are currently more of a gut feeling.