If a user attempts to use a Session on a secondary for an operation that accepts a transaction number, that operation will check out the session. If the transaction number is greater than one in use by a secondary oplog application thread for the same session, then it could abort that secondary oplog application transaction. This could lead to a crash or data corruption.
One way to fix this could be to prevent user operations on secondaries from checking out a session. Transactions and retryable writes are not allowed on secondaries, so this should be fine (an exception can be made for testing, though would maybe cause test failures).
Alternatively reads outside of a transaction could be prevented from checking out a session since writes are already prevented on secondaries and secondary transactions are already prevented except for in test mode.