Question Sitejet Builder extension requires allow_url_fopen to be enabled

[Maarten.]

Server operating system version

AlmaLinux 8.7

Plesk version and microupdate number

Plesk Obsidian Versie 18.0.52 Update #3

Yesterday, I tried the new Sitejet Builder extension. It feels like a great addition. It's easy to use and has lots of options. Kudos to the WebPro team for this extension!

When I tested the contact forms, an error appeared in the error_log about allow_url_fopen:

"AH01071: Got error '
PHP message: PHP Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /var/www/vhosts/domain.com/api.php on line 204
PHP message: PHP Warning: file_get_contents(https://api.sitehub.io/website/elements/107557859): Failed to open stream: no suitable wrapper could be found in /var/www/vhosts/domain.com/api.php on line 204"

From my experiences in the shared hosting business, enabling allow_url_fopen used to be a security risk. Therefore, I always disable this setting.

What do you guys think of this? Is this still a security risk on a shared hosting server, or am I being paranoid about this setting?

Note that allow_url_include is already disabled, and the insecure PHP functions are also disabled:
"disable_functions=exec,passthru,shell_exec,system,popen,show_source,pcntl_exec,proc_open,proc_terminate,proc_close,pfsockopen"