Is Cloudflare Workers safe?

Cloudflare Workers run at the edge with strict isolation. Platform security is excellent; edge-specific bugs (env bindings, request body limits, KV access) are the risk.

TL;DR

Cloudflare Workers are among the most isolated serverless runtimes. Failures are usually about binding scope and request-handling limits.

How it fails in production

Env bindings in wrong scope

Secrets bound to the wrong environment (prod vs preview) leak to preview branches.

No request body size cap

Workers bill per ms of compute. Unbounded POSTs become a DoS amplifier and a cost explosion.

Leaked API tokens

See /leak/cloudflare-api-token.

How to ship safely on Cloudflare Workers

  • Review wrangler.toml env bindings for scope
  • Cap request body size explicitly
  • Rotate API tokens on team changes
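
One way to cap request body size explicitly in a Worker fetch handler, as an added example that is not Cloudflare's or Securie's code. The names readBodyCapped, MAX_BODY_BYTES and worker, and the 64 KiB limit, are assumptions chosen for illustration.

```javascript
// Added example: body-size cap for a Worker fetch handler.
// MAX_BODY_BYTES is an assumed limit; choose one per route.
const MAX_BODY_BYTES = 64 * 1024;

// Reads the request body, stopping as soon as the cap is exceeded.
// Returns { ok: true, body: Uint8Array } or { ok: false, status }.
async function readBodyCapped(request, maxBytes = MAX_BODY_BYTES) {
  // Fast path: reject on the declared length before reading anything.
  const declared = request.headers.get("content-length");
  if (declared !== null) {
    if (!/^\d+$/.test(declared)) return { ok: false, status: 400 };
    if (Number(declared) > maxBytes) return { ok: false, status: 413 };
  }
  if (!request.body) return { ok: true, body: new Uint8Array(0) };

  // Content-Length can be absent or wrong, so count bytes as they arrive.
  const reader = request.body.getReader();
  const chunks = [];
  let total = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    total += value.byteLength;
    if (total > maxBytes) {
      await reader.cancel("body too large"); // stop reading further input
      return { ok: false, status: 413 };
    }
    chunks.push(value);
  }
  const body = new Uint8Array(total);
  let offset = 0;
  for (const c of chunks) { body.set(c, offset); offset += c.byteLength; }
  return { ok: true, body };
}

// Handler object; in a Worker module this would be the default export.
const worker = {
  async fetch(request) {
    if (request.method !== "POST") return new Response("method not allowed", { status: 405 });
    const result = await readBodyCapped(request);
    if (!result.ok) return new Response("rejected", { status: result.status });
    return new Response(`received ${result.body.byteLength} bytes`);
  },
};
```

The byte counter matters because the declared length alone cannot be trusted: a request without Content-Length skips the fast path entirely.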

What Securie covers

Securie's Hono/Worker specialist covers binding scope and body-size validation.

Verdict

Cloudflare Workers are the safest serverless option available, given proper configuration.