@heckj: do you agree this is a known weakness of the current API that needs to be strengthened, rather than a directly-exploitable security vulnerability ? In which case we will open this bug publicly rather than continue to consider it under embargo.
@heckj: do you agree this is a known weakness of the current API that needs to be strengthened, rather than a directly- exploitable security vulnerability ? In which case we will open this bug publicly rather than continue to consider it under embargo.