I'd just close the hole...
There are often times that I read something, typically involving a lawsuit, that I'm shocked people push. Often they are so embarassing, I'd probably pay extortion money to keep the crap quiet if someone threatened to go public about something I did. But instead of trying to keep it quiet and just fixing it, they involve lawyers and threats. NewsFlash - threatening bloggers and web sites backfires. I can say unequivocally, if I was the one that created something this widely used, that brough in this much money and had such a glaring security flaw , I would just fix it quietly. I wouldn't want my name associated with something this moronic and sloppy. I'd be paying bribes to the owner of HowardForums to have him keep it quiet, not threatening him and attracting attention. Actually, I'd do neither. I'd thank him for helping me create a more secure system (then I'd fall on my sword in ritual suicide b/c Gawd this is embarassing)