Hey, nice catch!
We haven't thought about this exploit. We have it already fixed locally. Thanks for the report!
