Soooo apparently there's been an issue going around where .svg files can be used to hack people in Scratch... The idea is that the .svgs can have a script in them that runs whenever Scratch tries to load them, which can run JavaScript commands on the computer of the person who opens the files in the editor, which is then used to hack the person and take over their account (technically the hacker does not control your account, but they can have the program do random stuff to your acc or log information from your computer).

Really, the only way to fully avoid this is to not open random costumes unless you're 100% certain the person is not a hacker/has not been hacked. Fortunately, it seems that people need to have a lot of back-end knowledge, so the number of hackers is probably low, although every time they hack an account they can spread it through that. The issue with this is that... well, the only people doing this hack know how to hack, so they likely know how to discreetly do a lot of damage.

Basically, if someone starts acting weird at all, do not open any costumes on ANY of their projects. Or, if you open the costume editor, do it through TurboWarp, then download the SVG and reupload it into Scratch, preferably deleting the SVG from your computer just in case (the hack can't work by using the normal upload methods), because that seemingly is SAFER (although potentially not completely invulnerable).

Let's hope that Scratch 3.5 or 4.0 fixes this ig. Just be on the lookout, hopefully this doesn't cause issues for you, but it's possible. And like, don't be super paranoid, again, it's pretty uncommon right now (might be inaccurate soon), but it is going on (I saw someone got hit by hacks recently) and people should know about it.

All information from: https://muffin.ink/blog/scratch-vulnerability-disclosure/

So take this with a grain of salt, but I know some people have been hacked similarly so...

More info: https://scratch.mit.edu/projects/1314847707

This MAY be solved (for now)...:
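
An added example, not part of the original post and not Scratch's or TurboWarp's code: a small Python check that lists scriptable content in a downloaded SVG costume before you open it anywhere. It goes beyond the one case described above and flags generic active content (script elements, `on*` event handlers, script URLs, `foreignObject`); the sample SVGs and function names are constructed for illustration, and an empty result doesn't prove a file is safe.

```python
import xml.etree.ElementTree as ET

# Constructed sample costumes (not taken from any real project).
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SUSPECT_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="void(0)">'
    '<script>/* placeholder */</script>'
    '<a xlink:href="JavaScript:void(0)"><rect width="1" height="1"/></a>'
    '<foreignObject><div xmlns="http://www.w3.org/1999/xhtml"/></foreignObject>'
    '</svg>'
)

# Elements that can carry or host script/HTML inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_text):
    """Return a list of findings; an empty list means nothing scriptable was seen."""
    # Entity declarations can hide markup from a scanner, so don't parse them at all.
    if "<!ENTITY" in svg_text.upper():
        return ["ENTITY declaration (refusing to parse)"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            # Drop whitespace that browsers ignore inside a URL scheme.
            compact = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.append(f"event handler '{attr}' on <{tag}>")
            elif attr in URL_ATTRS and compact.startswith(("javascript:", "data:text/html")):
                findings.append(f"script URL in '{attr}' on <{tag}>")
    return findings
```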