The main problem is that bootstrapping the grpc server with correct TLS is always a barrier. so developers usually enable the InsecureOption to be able to test the grpc server, and after that they forgot to change the configurations for the production.