Yep, I found it rather quickly myself. I'm not about to touch it myself with a 70 foot pole, but I wasn't looking to rip off any account info either.
As far as advice goes, you're in pretty deep already. Given the discussion here and the information that is already available, I don't think you're going to be able to back out now. You've already reported it to the company, but now it's publicly available and I worry that they might implicate you in damages. IMHO, get a lawyer. Now. They should be able to tell you what kind of liability you're facing. They should also be able to give you good advice on how to mitigate your own risk.
Frankly, I think it's stupid that someone pointing out a security flaw could be liable in any way, but that's the way our screwed up system works. Best of luck.