Everyone’s worried about Mark Zuckerberg controlling the next currency, but I’m more concerned about a crypto Cambridge Analytica.

Today Facebook announced Libra, its forthcoming stablecoin designed to let you shop and send money overseas with almost zero transaction fees. Immediately, critics started harping about the dangers of centralizing control of tomorrow’s money in the hands of a company with a poor track record of privacy and security.

Facebook anticipated this, though, and created a subsidiary called Calibra to run its crypto dealings and keep all transaction data separate from your social data. Facebook shares control of Libra with 27 other Libra Association founding members, and as many as 100 total when the token launches in the first half of 2020. Each member gets just one vote on the Libra council, so Facebook can’t hijack the token’s governance even though it invented it.

With privacy fears and centralized control issues at least somewhat addressed, there’s always the issue of security. Facebook naturally has a huge target on its back for hackers. Not just because Libra could hold so much value to steal, but because plenty of trolls would get off on screwing up Facebook’s currency. That’s why Facebook open-sourced the Libra Blockchain and is offering a prototype in a pre-launch testnet. This developer beta plus a bug bounty program run in partnership with HackerOne is meant to surface all the flaws and vulnerabilities before Libra goes live with real money connected.

Yet that leaves one giant vector for abuse of Libra: the developer platform.

“Essential to the spirit of Libra . . . the Libra Blockchain will be open to everyone: any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services. Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers,” Facebook explained in its white paper and Libra launch documents. It’s even building a whole coding language called Move for making Libra apps.

Apparently Facebook has already forgotten how allowing anyone to build on the Facebook app platform and its low barriers to “innovation” are exactly what opened the door for Cambridge Analytica to hijack 87 million people’s personal data and use it for political ad targeting.

But in this case, it won’t be users’ interests and birthdays that get grabbed. It could be hundreds or thousands of dollars’ worth of Libra currency that’s stolen. A shady developer could build a wallet that just cleans out a user’s account or funnels their coins to the wrong recipient, mines their purchase history for marketing data or uses them to launder money. Digital risks become a lot less abstract when real-world assets are at stake.

In the wake of the Cambridge Analytica scandal, Facebook raced to lock down its app platform, restrict APIs, more heavily vet new developers and audit ones that look shady. So you’d imagine the Libra Association would be planning to thoroughly scrutinize any developer trying to build a Libra wallet, exchange or other related app, right? “There are no plans for the Libra Association to take a role in actively vetting [developers],” Calibra’s head of product Kevin Weil surprisingly told me. “The minute that you start limiting it is the minute you start walking back to the system you have today with a closed ecosystem and a smaller number of competitors, and you start to see fees rise.”

That translates to “the minute we start responsibly verifying Libra app developers, things start to get expensive, complicated or agitating to cryptocurrency purists. That might hurt growth and adoption.” You know what will hurt growth of Libra a lot worse? A sob story about some migrant family or a small business getting all their Libra stolen. And that blame is going to land squarely on Facebook, not some amorphous Libra Association.

Inevitably, some unsavvy users won’t understand the difference between Facebook’s own wallet app Calibra and any other app built for the currency. “Libra is Facebook’s cryptocurrency. They wouldn’t let me get robbed,” some will surely say. And on Calibra they’d be right. It’s a custodial wallet that will refund you if your Libra are stolen and it offers 24/7 customer support via chat to help you regain access to your account.

Yet the Libra Blockchain itself is irreversible. Outside of custodial wallets like Calibra, there’s no getting your stolen or mis-sent money back. There’s likely no customer support. And there are plenty of crooked crypto developers happy to prey on the inexperienced. Indeed, $1.7 billion in cryptocurrency was stolen last year alone, according to CypherTrace via CNBC. “As with anything, there’s fraud and there are scams in the existing financial ecosystem today . . . that’s going to be true of Libra too. There’s nothing special or magical that prevents that,” says Weil, who concluded “I think those pros massively outweigh the cons.”

Until now, the blockchain world was mostly inhabited by technologists, except for when skyrocketing values convinced average citizens to invest in Bitcoin just before prices crashed. Now Facebook wants to bring its family of apps’ 2.7 billion users into the world of cryptocurrency. That’s deeply worrisome.

Regulators are already bristling, but perhaps for the wrong reasons. Democrat Senator Sherrod Brown tweeted that “We cannot allow Facebook to run a risky new cryptocurrency out of a Swiss bank account without oversight.” And French Finance Minister Bruno Le Maire told Europe 1 radio that Libra can’t be allowed to “become a sovereign currency.”

Most harshly, Rep. Maxine Waters issued a statement saying, “Given the company’s troubled past, I am requesting that Facebook agree to a moratorium on any movement forward on developing a cryptocurrency until Congress and regulators have the opportunity to examine these issues and take action.”

Yet Facebook has just one vote in controlling the currency, and the Libra Association preempted these criticisms, writing, “We welcome public inquiry and accountability. We are committed to a dialogue with regulators and policymakers. We share policymakers’ interest in the ongoing stability of national currencies.”

That’s why as lawmakers confer about how to regulate Libra, I hope they remember what triggered the last round of Facebook execs having to appear before Congress and Parliament. A totally open, unvetted Libra developer platform in the name of “innovation” over safety is a ticking time bomb. Governments should insist the Libra Association thoroughly audit developers and maintain the power to ban bad actors. In this strange new crypto world, the public can’t be expected to perfectly protect itself from Cambridge Analytica 2.$.

Get up to speed on Facebook’s Libra with this handy guide: