Crazy how easy it is to get this stuff wrong.
Also, add to the list: JWE. They open the door to off-curve attacks, which could expose private keys as well.