As discussed upstream, libcurl can wrongly send HTTP credentials when re-using connections. Also discussed upstream, libcurl can get tricked by a malicious SMB server to send off data it did not intend to