For me, the main issue here is this: are these things real security problems or not?
- if yes, CVEs should be opened and logs clearly marked
- if no, then someone should should let us know that they are not
I'm really not in the position to evaluate validity of Brad's claims, but from what I saw in
other discussions, other more qualified people usually cannot refute them.