It’s a method/address to responsibly, that is not in public, disclose serious security issues in Diaspora. Listening to it is the security response team (only me currently, heh…) to judge and handle the disclosed issues.
Thanks. I saw from your discussion on Github that it’s an email address for this purpose. I wasn’t sure whether it was something else. A very good idea, but not something I can usefully be part of, I’m afraid.