Sorry my bad, typos.... I meant replay attacks
There is a security concern only if the intention is for the content (nostr event or blob) to stay on a single server. however if the intention is to publicly broadcast it then these replay attacks in nostr and by extension blossom are actually what you want
With regards to users getting charged twice for uploads. again its depends on how you look at it. however if your intention is to *only* upload to a single server and keep the file on that server then its an attack
If your intention is to broadcast that file then the second server is simply charging you for an extra backup and hosting of your public data