I may have overreacted but I've seen people make statements like "We consider this reasonably safe within EC2..." and not realize the inter-region issue. That is why I wanted to force a clear statement.
I also think this really needs to be in your marketing copy or someone who is unaware of that is going to do that sort of thing.
Sorry if I'm being a pain but I think you are overestimating the average developer's knowledge of the potential security issues with exposing Redis like this.
Heroku offers 4 redis cloud providers. I wonder how many setups (if any) happen to go through inter-region, and if some of these providers support some kind of VPN/tunneling.
I also think this really needs to be in your marketing copy or someone who is unaware of that is going to do that sort of thing.
Sorry if I'm being a pain but I think you are overestimating the average developer's knowledge of the potential security issues with exposing Redis like this.