This is an (AFAICT unfixable, without something content addressed in the way) side-effect of authorized fetch. The instance asking for a post authorizes itself, and the instance answering doesn’t have to give the same content to everyone asking for it (otherwise it wouldn’t be able to refuse serving content to blocked instances!)
The variable substitution itself is being done on the sending instance via an unofficial patch, and this patch isn’t even the first time this has been implemented (although it significantly lowered the barrier on creating this style of posts), with the earliest example I’m aware of being several years old now (although my instance doesn’t seem to have the post cached so I can’t find it directly at https://puckipedia.com/4th-wall--talki (search on your instance instead of visiting remotely))
With nearly all the current implementations using an instance actor instead of real users for authorization (for most posts), only the instance itself can be reliably determined, so the impact is relatively minor (e.g. can’t reliably target individual users, as it all gets cached in the same database in the end)