[th/utils-security-valid]
I find nm_utils_security_valid()
complicated.
It inherently is complicated, because various conditions are checked (in slightly different forms).
I think this could be easier to read by structuring the checks differently. Do that.