Saw this on Freshmeat today:

Changes [in the new version]: A security flaw allowed authentication to be bypassed, allowing arbitrary code execution. This was fixed. JDBC and JID optimizations were done.

(Emphasis mine).

Wait, really? rock-solid security != arbitrary code execution, last time I checked.