I can buy that it's accident that this vulnerability exists. It's still gross stupidity/incompetence/negligence (/malice?) that this vulnerability ever had the possibility of existing. That is, the feature should never have been implemented, to prevent exactly this scenario.
