Hi again @Andrew_Prior ,
As a side note, since we certainly have spotted your issue.
We take really seriously the security of our systems. The security feedback are always welcome. If you have some suggestions for a more secure authentication system, we are pleased to receive any feedback. We have a dedicated email/process (as part of our future SOC 2 compliance) for this type of submission. 
For informations, since the introduction of OIDC in the agent we do use Authorization header among others to perform secured and fast connection to the agents.
Kind regards,
Morgan