As the document mentioned "Host your domain-verification file at the following path for each domain you’re registering:
https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association" and that file contain "pspId" and "signature" so just want to know these are not sensitive it gets in the hands of an attacker ??