I don't know how it works, but if a file is being shared, stored (temporarily) and read, could it also work for an exploit? One issue I could see is how download play is temporary (could the file be saved?), but I am surprised I have not seen anything like this.