I was just looking at:

https://bitcointalk.org/index.php?topic=4571.0

I'm just curious if there is a possible attack vector here based on the
fact that git uses the relatively week SHA1

Could a seemingly innocuous pull request generate another file with a
backdoor/nonce combination that slips under the radar?

Apologies if this has come up before ...