Please report security vulnerabilities to [email protected] instead of opening a public issue. This will give me the chance to remediate the issue before it is publicly known and therfore exploitable.