Comment 1 for bug 850665

Thanks for the report. I have confirmed that the method cannot be
called either via URL or from untrusted code without appropriate permissions.

I am therefore clearing the "security vulnerability" flag on the issue.