I must say, I don't think keeping the exploits secret, when the software is not going to be changes changed to address them, is a good idea. Apparently the appropriate line of defense (I agree with what Chip Salzenberg said at the end of the thread) is with the dev anyway. I R DEV. THIS THREAD IS IN MY INTREST.