Hi,
I neither have the time nor the patience to explain the idea of open source software here, but if someone, trusted or not, came to me and told me there’s a security hole in my software, I’d hurry to fix it instead of saying “Hey, that’s not serious, I don’t want to fix it.”
I’m pretty sure there are sites out there which have registered users they don’t completely trust and exactly these sites are vulnerable to the exploit.
And on the other hand, it won’t hurt to add the changes to the WordPress sources, right? There’s nothing to loose, but a lot of trust from the userbase to win.
Greetz,
Sascha
