Even though now hidden (by this patch) surely if you don't enable the extra security 'Enable web services security (XML-RPC Only)' field then the public key expiry date should not default to a date based on the server, i.e. the public key date expiry date should be independent of the current date/time of the hosting server.
Another note about this:
Even though now hidden (by this patch) surely if you don't enable the extra security 'Enable web services security (XML-RPC Only)' field then the public key expiry date should not default to a date based on the server, i.e. the public key date expiry date should be independent of the current date/time of the hosting server.