tapestry-cometd has always used ParallelExecutor to render content so that the current thread is not polluted with PerThreadValues. tapestry-offline was only created to extract the offline rendering into a reusable module.
I suspect that Jarda has security on his push event and maybe Boris only has security on his page. Just a guess here but it might explain why it's not an issue for Boris.
