Please report suspected vulnerabilities privately through GitHub security advisories for this repository.

Do not open public issues for credential exposure, webhook verification bypass, or game entitlement issues.

• Do not put MakePay merchant secrets into Godot projects or exports.
• Grant game entitlements only from signed webhook-confirmed backend state.
• Treat browser returns as user navigation, not payment proof.