As we all know by know the recent bunnyhop incident showed, that the way this feature is offered today might actually lead to ways of URL grabbing and harvesting.

The way it is designed today makes it easy to replace it and harvest many streams as content.

"<!-- Add a placeholder for the Twitch embed -->
<div id="twitch-embed"></div>

<!-- Load the Twitch embed script -->
<script src="https://player.twitch.tv/js/embed/v1.js"></script>

<!-- Create a Twitch.Player object. This will render within the placeholder div -->
<script type="text/javascript">
new Twitch.Player("twitch-embed", {
channel: "itmkoeln"
});
</script>"

Even if that gets moved in the dashboard instead of the share stream mechanic it just takes to change the name (which is open for harvest). Without any tokens it is literally irrelevant where this is placed.

I am concerned because the streams I mod for were among those featured by those malicious people...

What I would suggest in the Dashboard visible to streamer and editors a list and a block this source option. I can see that third parties might be in need to be able to embed streams but this either should require a API confirmation token in the link in my opinion and the option to revoke this embedded feature...

And yes I am aware that Streamlabs does this for their Paying customers as are thirdparty multistream sites...

My genuine fear is that we got rid of this mischievous content thief site but the likes of these are not going away if twitch doesn't harden the embedded feature against abuse...