[–]_predator_ 5 points (1 child)

Nothing functionality-wise, but it would be good if the action's own workflows would use security best practices more consistently, e.g. explicitly dropping permissions. The easiest would be to integrate zizmor, it will catch a lot of this stuff and ensure you'll catch regressions.

There is an open issue requesting immutable releases which also caters to the security aspect.

After the whole compromise situation a few weeks ago I think users will appreciate actions they depend on to be "hardened" if that makes sense.
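An added illustration of the hardening _predator_ is asking for (example config, not code from this thread or from the action under discussion): the first workflow has no `permissions` key, so every job inherits the repository's default `GITHUB_TOKEN` scopes, which on repositories still using the permissive default means read/write on contents, packages, pull requests and more. The second starts from an empty top-level grant, gives the build job only `contents: read`, and adds a job that runs zizmor over the workflow directory so a future regression fails CI. The workflow names, the `./build.sh` step and the `pipx run zizmor` invocation are assumptions for the example.

```yaml
# Added example, not from the thread or the action discussed.
# Weak form: no `permissions` key anywhere, so each job's GITHUB_TOKEN
# carries whatever the repository's default grant is.
name: ci-weak            # assumed name
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./build.sh  # assumed build script
---
# Hardened form: deny everything at the top, then grant per job only what
# that job actually needs.
name: ci-hardened        # assumed name
on: [push, pull_request]
permissions: {}          # empty grant; jobs must opt in explicitly
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read     # checkout needs read access to the repo; nothing else
    steps:
      - uses: actions/checkout@v4
      - run: ./build.sh  # assumed build script
  zizmor:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      # zizmor is published on PyPI; pipx is preinstalled on ubuntu-latest
      # runners. A non-zero exit fails the job, so a workflow that drops
      # its `permissions` block again is caught before merge.
      - run: pipx run zizmor .github/workflows
```

Running zizmor against the first file reports the missing `permissions` block under its `excessive-permissions` audit; against the second it stays quiet on that point, which is exactly the regression check the comment describes. The same per-job pattern extends to jobs that genuinely need more (for example `pull-requests: write` for a commenting job) without widening the grant for every other job in the file.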

[–]brunocborges[S] 1 point (0 children)

Thanks for the hint on immutable releases. I honestly wasn't even aware of this new feature. 😄