The current remote blob fetch resolver relies entirely on the Content-Length header being truthful, which a malicious PDS could forge to be an inaccurate size which the server would blindly trust. It would be a good idea security-wise to validate the size of the blob as it is fetched by the appview and abort a fetch if it grows too large.
Relevant snippet: https://tangled.org/juprodh.bsky.social/lichen.wiki/blob/main/src/server/routes/blob.ts#L169-172
Thanks for the issue, currently looking at it