
> warm fuzzies from being sure that, however screwed up the web server is, it cannot be confused[1] into revealing the secret keys when it does not have access to them in the first place.

Indeed a big one. THE big one.

Usually I do watch out for 'https' in CGIs, which requires the webserver to know. Need it e.g. to build absolute URLs: https://codeberg.org/mro/geohash/src/branch/master/lib/cgi.m...


