Comment 8 for bug 1656030

Probably more of a class E unless it can be demonstrated that there is any actual vulnerability exposed (or could barely be class D if there's interest from Cinder in anyone working on a "safer" replacement implementation). Also since it's already public I've gone ahead and marked our security advisory task invalid.