This is outdated information
The updates section is now semi finished i guess, this post is mostly about the technical implementation.
The actual page is just one php file, and either dynamically generates a list of entries, or loads html files based on the POST data sent by the generated form.
If there are like a thousand entries, scanning the entry folder on each page load might become a problem, there probably never will be a thousand entries though. Another possible vector of abuse would be to POST a path like "../../some-file", escaping out of the webroot, but I don't think this will be an issue, because everything is containerized with docker, and there are no volumes other than the website itself.