Problem description
The current security considerations just refers to CloudEvent "security".
Which is basically saying "CloudEvents cares about interoperability (and not about privacy and security)".

The example they provide does not even follow their own security advice.

Data
Domain specific event data SHOULD be encrypted to restrict visibility to trusted parties. The mechanism employed for such encryption is an agreement between producers and consumers and thus outside the scope of this specification.

{
    "specversion" : "1.0",
    "type" : "com.github.pull_request.opened",
    "source" : "https://github.com/cloudevents/spec/pull",
    "subject" : "123",
    "id" : "A234-1234-1234",
    "time" : "2018-04-05T17:31:00Z",
    "comexampleextension1" : "value",
    "comexampleothervalue" : 5,
    "datacontenttype" : "text/xml",
    "data" : "<much wow=\"xml\"/>"
}

Note, despite their own recommendation data is not encrypted. Neither is comexampleextension1 nor comexampleothervalue.

Expected behavior
Write a meaningful security considerations section

Additional context