My reaction exactly. This whole post seemed like purely thrown shade against CSP, which should prevent both injection and data exfiltration as designed when used correctly, in order to sell Akamai's product.