Git is insecure by default (opens in new tab)

What this means is git doesn't make sure that blobs match shas on fetch. Malicious control of source or network can insert nasty things and git won't notice. Solution is setting transfer.fsckobjects = true.