They won't comment to WIRED on the security issue, but they did quietly fix the vulnerability.
Shared publiclyView activity