It has become a popular catchphrase amongst Atlassian staff to say that Forge is more secure than Connect, and that this is a reason why developers should move to Forge.
I know this is part of the trust signal campaign to improve customer confidence in the Atlassian Ecosystem, but in reality this is really just backfiring spectacularly.
The side-effect of this communication is that you are implying that Connect, the framework on which all major apps are currently still running, is insecure. This is simply not true and it is hurting customer trust in the current apps as well as undermining the efforts by Atlassian Marketplace Partners to ensure safe & reliable operations. You are making us all look bad for no reason.
Secondly, the statement is also simply not true. Forge is not more secure than Connect per definition. Sure, Connect can improve with regard to security, but a lot of security features that are native to Forge could also have been implemented for Connect. Atlassian chose not to invest in Connect and re-build from scratch. That does not make Connect inherently less secure than Forge.
The only real difference between Connect and Forge is that Forge apps run on Atlassian-maintained infrastructure. But that only applies to the part of the shared responsibility model that Atlassian is responsible for, and it also does not mean that Marketplace Partners would not be able to achieve similar security on their own platforms. You are again undermining the efforts from Atlassian Marketplace Partners by implying that we are not capable of running our apps securely on our own infrastructure.
I would really like for Atlassian to stop perpetuating this falsehood and deliberately creating doubt with regard to the security of Connect just to push your Forge agenda. Especially because Forge is not at all ready to support large & complex apps, making it impossible for many vendors to migrate.