Saw this on Freshmeat today:
About: [some open source project] is a real-time collaboration (RTC) server. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). [some open source project] is incredibly easy to set up and administer, but offers rock-solid security and performance.
Changes [in the new version]: A security flaw allowed authentication to be bypassed, allowing arbitrary code execution. This was fixed. JDBC and JID optimizations were done.
(Emphasis mine).
Wait, really? Rock-solid security != arbitrary code execution, last time I checked.