I found some interesting discussion about this on (I think) HN. Apparently this is indicative that the connection and sharing of video/audio feed happens before the recipient accepts. I get the point of this - it takes some time to establish that connection, and they don't want users to have to wait those 1-2 seconds after clicking "accept". However, it really should just be worth that small connection time to completely shut off the chance of any more exploits of this caliber.
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.