Comment Re:Captive audience (Score 1) 229
Actually, the download link is just the URL of the "please wait" page â" if you reload it after you get the email, there's the download button.
So all an attacker would have to do is not navigate away from the page and reload it every 10 minutes until the download's ready.