Comment 4 for bug 833499

Since there is a workaround, I'm setting this to low. We should at least provide a flag allowing deployers to turn off key injection if they don't want it.