Trying to put some actual focus on security for once, I looked at how to set up the maximum messages size for the Python websockets module I'm using and apparently the default is a whole megabyte! I lowered it to 32KB which is still excessive but at least it's reasonable excessive.