Perhaps Ian assumes that I do not carry out my own extensive research. He's incorrect.
My concerns are a little broader in that from the outset I have had problems getting this extension working correctly and having had some excellent assistance from Ray with support tickets to fix the bugs, I did get a sense that this extension was released far too early and should have had more testing prior to release. It is, after all, an excellent extension.
So given what happened, when I saw this post initially, it did make me wonder what else hadn't been buttoned down.
At the end of the day, people who use these extensions come from a very broad base with hugely varying experience and training. My request for a check list of additional measures that could be taken to assure security is at it's tightest would be useful to many and surely fits the forum topic perfectly.