Well, what I read in the thread about this is that at least one other implementation of this API is adding the security check. If apps come to expect the check to be in the implementation, then they probably won't also check things themselves.
-- see shy jo
signature.asc
Description: Digital signature
