If you discover a security vulnerability, please email <ahref="mailto:evansu@duck.com">me</a>. I don't have any bounties available, but I will put your name on the homepage as a thanks. Please do not post the vulnerability publicly, as it could be exploited by a hacker. Thank you.