config.assets.compile=true in Rails production, why not?

Question

The default Rails app installed by rails new has config.assets.compile = false in production.

And the ordinary way to do things is to run

Answer 1

Because it is opening a directory traversal vulnerability - https://blog.heroku.com/rails-asset-pipeline-vulnerability