Security auditing and response

Rationale
Insecure code sucks :-)

Review queue

 * Twig (for use with Fundraiser code)
 * User Metrics API
 * Wikibase client LinkItem
 * Limn
 * Kraken
 * EasyRDF (for Wikidata)

This list may not be complete (possibly due to oversight, possibly due to security reasons for not putting this out there), and may not be in priority order.