I'd like to politely agree and disagree with the handling of this bug. YES, you're absolutely right that the bridge helper is a security hole.
NO, you're absolutely wrong to remove the bridge helper from the package. A proper solution would have been to include it, and make it not a threat by removing the SUID setting. That way, if someone was willing to change it back to SUID, or root ran the virtual machine, everything would work. The alternative you've left is having to build and install the package by hand... a pretty unacceptable position when there is a very reasonable alternative. I'd like to request this be moved from wishlist to a more appropriate level and FIXED. Thank you.