Posts Tagged ‘security’

Not everyone is ethical

Saturday, March 8th, 2008

Of course, we know this. But it’s still a bit shocking to me to see something like this.

John Terry, the apparent creator, hard-coded his username and password to his Gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box!
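Both mistakes described above, a credential literal committed to source and a user's password copied into an outgoing message, are the kind of thing a code-review pass or a pre-commit hook can catch mechanically. The following is an added example written for this page, not code from the program in the post: a small scanner that flags string literals assigned to credential-named identifiers and credential-named identifiers interpolated into message strings. The sample source it scans is constructed, and the identifier names in it are assumptions.

```python
import re

# Constructed sample source, modelled on the defect described in the post.
# Names and values are made up; nothing here is the real program's code.
SAMPLE_SOURCE = """\
import smtplib
GMAIL_USER = "author@example.com"
GMAIL_PASS = "hunter2-not-a-real-password"
def notify(account_user, account_pass):
    body = f"new backup account: {account_user} / {account_pass}"
    server = smtplib.SMTP("smtp.gmail.com", 587)
    server.login(GMAIL_USER, GMAIL_PASS)
    server.sendmail(GMAIL_USER, GMAIL_USER, body)
RETRY_COUNT = 3
"""

# Words that usually mean an identifier holds a secret.
CRED_WORDS = r"(?:pass(?:word|wd)?|pwd|secret|token|api_?key)"

# A credential-named identifier assigned a non-empty string literal,
# e.g.  GMAIL_PASS = "..."
HARDCODED = re.compile(
    rf"^\s*(?P<name>\w*{CRED_WORDS}\w*)\s*=\s*(?P<q>['\"])(?P<value>.+?)(?P=q)\s*$",
    re.IGNORECASE,
)

# A credential-named identifier used as an f-string placeholder,
# e.g.  f"... {account_pass}"   (a password on its way into a message)
INTERPOLATED = re.compile(rf"\{{\s*(?P<name>\w*{CRED_WORDS}\w*)\s*\}}", re.IGNORECASE)


def scan_source(text):
    """Return (line_number, finding_kind, identifier) tuples for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = HARDCODED.match(line)
        if m:
            findings.append((lineno, "hardcoded-credential", m.group("name")))
        for m in INTERPOLATED.finditer(line):
            findings.append((lineno, "credential-in-message", m.group("name")))
    return findings


def report(text):
    """Human-readable summary of scan_source(); returns the lines it prints."""
    lines = [f"line {n}: {kind} ({name})" for n, kind, name in scan_source(text)]
    for line in lines:
        print(line)
    return lines


if __name__ == "__main__":
    report(SAMPLE_SOURCE)
```

The scanner is deliberately name-based rather than value-based: it does not try to recognise what a Gmail password looks like, it only asks whether something called a password is sitting in a literal or flowing into a message. That catches the two problems in the post and gives false positives you can review in seconds, which is the right trade-off for a pre-commit hook.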

Apple claims fix to Time Machine security bug

Monday, February 11th, 2008

Apple claims to have fixed the issue where applications could run automatically out of a Time Machine backup. Look for CVE-2008-0038 in Apple’s About the security content of Mac OS X 10.5.2 and Security Update 2008-001.

Thanks to Apple for mentioning me. I certainly would have reported the bug regardless, but it’s a nice bonus.

The only thing I wish had happened differently was an earlier acknowledgement from Apple that they realized what I was describing and agreed it was a security problem. I didn’t find out Apple considered it a problem until January 22nd, when they asked how I’d like to be credited for discovery. Most of that time I wondered if I should file more details in an attempt to convince them it really was a problem.

Note: I’m saying “claims” only because I haven’t installed the update and verified the fix yet. I have no reason to disbelieve Apple. :)

iPhone Dev Center forces “challenge-response” system

Wednesday, October 24th, 2007

The new iPhone Dev Center forces a challenge-response system. This is a problem at the best of times, but it’s especially bad when the available questions are so lame.

What is the name of your hometown?
Google will give you this.

What did you study in college?
Google will give you this. Or you could just guess. It isn’t really a mystery.[1]

What was your first job?
Google will give you this.

Favorite pet’s name?
You can’t find this on Google, but you could ask any of my friends.

Name of oldest sibling?
Google will give you this.

I’d rather lose access to an account forever than have someone else get into it. This kind of system needs to remain optional. So whatever’s in the iPhone Dev Center? I won’t see it. The only impact on me that the reorganization had was locking me out.

1. Hint: A lot of other software developers probably studied the same thing.