phew I don't feel bad now. I wrote a HTML preprocessor in 1999 to allow PHP-like embedding of Perl in webpages. It did the equivalent of register globals. I still have it up on my website but with a big warning that says "this has known security issues, don't use it". At least someone else made the same mistake around that time :)
I hope they go for the radical openness option and do a full public post-mortem. A teachable moment like this should not be wasted.
register_globals was known to be a bad idea in 1999 for crying out loud.