The registration of BouncyCastleProvider in info.magnolia.license.KeyGenerator and info.magnolia.license.LicenseProcessor with "Security.addProvider(new BouncyCastleProvider());" is changing JVM-settings and therefore all WARs in an Appserver are seeing this registration and classes of BouncyCastle.
If another WAR wants to use another version of BouncyCastle this can lead to Classloader issues. The Provider is also not removed on WAR-undeploy -> Memory-Leak.

In a WAR "Security.addProvider()" should be never used, because of all side-effects for other WARs ->