Unfortunately, you're mechanism of alerting people to the problem may
in fact cause this message to spread. We were aware of the CERT
security bulletin (which didn't explain the problem, possibly
for secuity reasons). A graphic example of the problem, which
you've put up, may have unintentionally caused more harm than good.
Instead of following the route of alerting Marc and other developers to the
problem and fixing it before word got out, we now have a situation
where we have known insecure clients (luckily word hasn't gone out
to the usenet list). A CERT bulletin is around the corner - we're
already patching as fast and as best we can, but ...