I planned on exporting a web version as well and I was testing there first hence the issue.
How would this allow any website to impersonate you though? The login is made via a jwt which would not be accessible if you go in another website. If I login on mysuperlemmyclient.com and then visit maliciouswebsite.com, how can maliciouswebsite access the jwt that is stored likely in a cookie of mysuperlemmyclient.com?
Does that really scale though? The load on a server is not dependent on the number of users, but on the number of communities from other server that the sum of user is subscribing to.
Which means if you have a server for 100 users, you still need to pay for the 1000s giant communities that those users are subscribing to, as they are being copied over in your server.
So if you have a few mega server like Lemmy.world, they each pay say 10000£ in hosting a month (number taken out of my hat), which is fine because they have as many users that can contribute to it financially ( via donations, ads etc.). But small servers won't be able to support that load and will ultimately close.
That sounds like a design flaw if you ask me but i did not see anyone mentioning it so maybe i'm misunderstanding.