Fair question, but you're reading into it too deeply.
Exposing the internal state of a controller theoretically exposes logic that might offer an attacker insight and therefore subtly increase the attack surface.
Yes, someone could go to the trouble of accessing the same data structures indirectly, but this makes easy and direct.
It was ultimately a wink, not an actual warning.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Fair question, but you're reading into it too deeply.
Exposing the internal state of a controller theoretically exposes logic that might offer an attacker insight and therefore subtly increase the attack surface.
Yes, someone could go to the trouble of accessing the same data structures indirectly, but this makes easy and direct.
It was ultimately a wink, not an actual warning.