As noted in #23538, readFloat has runtime that scales nonlinearly in the size of its input. Consequently, its use on untrusted input can be exploited as a denial-of-service vector. Point this out and suggest use of read instead.
readFloat
read
See #23538.