A security researcher was able to demonstrate the ability to launch system commands and describes a straightforward(ish) process to retreive, and decrypt, the user passwords stored in the provided password manager.
Some interesting insight with regards to the possible breaking down of negotiations: http://www.nakedcapitalism.com...
It's a longer-than-a-slashdot-summary-read, but insightful.
We most certainly need Slashdot VirtualCrypto to gild comments like these. Karma alone is not enough and this comment is too damned funny.