Comment 4 for bug 2008705

Based on Brian's comment, I'm treating this as a class C1 report (previously suggested), basically a security hardening opportunity due to being fairly impractical to exploit.