Vendor responded - "just started looking into this vulnerability. It may be true but the variables exposed pose no serious threat. However, plans are in place to fix these vulnerabilities in the next version release." - Steve