MCP security starts with distrust by default: review every server, tool, and credential as if it could expose secrets, execute the wrong action, or be...