Does anyone else use impersonation and has security breaches?

I am wondering how people use impersonation and if they have had any issues?

from technical support:

“Note, that we do not recommend using
the impersonation feature as it may
introduce security vulnerabilities
into your application. We are working
on a new impersonation implementation,
however don’t yet have an ETA for
this.”

Can anyone elaborate on why this may introduce vulnerabilities, would it be the implementation by Auth0 or the would this be open to vulnerabilities by not implementing this correctly when integrating with the Auth0 API?