Found this, thought it might be a interesting read.
PHP’s long standing security issue with OPCache leaking sensitive data Fixed - PHP Magazine
One interesting part regarding PHP 7.1 that Trellis uses.
Afftect Versions:
PHP7 < 7.0.14 and PHP5 < 5.6.29. Later versions are still vulnerable by default unless opcache.validate_permission=1 is enabled.
Still reading a relevant discussion on bugs.php.net setting opcache.validade_permission=1 is stil up to debate…