Based on the docs the Oracle Feeder uses Band for mAssets prices. Even Band has it’s own security mechanisms this is a single point of failure within the Mirror protocol. A bug or a hack on Band data feeds can be fatal for Mirror.
I think Mirror should use 2 different oracles for each data feed (e.g. Band and Chainlink)
One oracle will be the main data feed. The second oracle will only be used to detect anomalies in the price. If the price provided by the 2 oracles differs in more than X% (e.g. 10%) Mirror will halt the market and liquidations until the 2 oracles show a reasonable difference in price.
P.S. this is based on my conclusions after reading the docs. There may already be this or other security practices in place