Algolia: RCE on facebooksearch.algolia.com

While doing recon on Algolia, I found that the session secret for facebooksearch.algolia.com has been committed to a public GitHub repository. Since the Rails app running at facebooksearch.algolia.com is using CookieStore as the session storage, this means an attacker knowing the session secret c...