Adding on to what Philip said, we've also tried to be practical and architect things in a way where we aren't solely depending on SGX for security. User nodes aren't exposed to the public internet, for example, which would allow attackers to attempt exploits by sending crafted network messages. If a 3rd party wants to attempt an SGX exploit, they'd have to get into our infrastructure first, or find a vulnerability in our reverse proxy.