This is a placeholder thread for the security issue posted by @cominixo (thanks for the report)!
I've hidden the original thread for now for obvious reasons.

This is fixed for 0.2.3b which will be out shortly, and I'm looking at what I can do server-side to reduce impact for older versions.

I'm going back to see what I can mark resolved and it occurs to me that you should mark this one resolved.