Ok, after actually reading TFA, I change my posture: the summary is misleading -- the article's main point isn't that there are security risks, but that Diaspora shouldn't have launched a product that 1. Can be so easily misused (public nodes created, users registered) without fixing security holes. and 2. has so many beginner-level security holes (all of the examples brought up should be second nature to rails developers). Which means Diaspora is doomed due to lack of talent. Oops.

Hmm. Diaspora specifically launched early, with an emphasis on the fact that it's a first step, and NOT a complete production ready system. Hell, in their press release they declared that they have security holes. Surprise surprise, they weren't lying. OMG, call the press. Again.