Github user pnowojski commented on the issue:
https://github.com/apache/flink/pull/5500
If this security concern is an issue, maybe in that case `getCurrentKey()`
should take `object-reuse` into account, and if `object-reuse` is set to false,
make a defensive copy of the key on access?
However @aljoscha was not objecting the general idea in the other PR:
https://github.com/apache/flink/pull/5481---
