If it's any help, my reaction was "Simon's fixed a security hole - that's good" rather than "Simon is a muppet". The fact that you got the fix out before people felt a need to post an advisory was damn good, and since the vulnerability involves spoofing to exploit under most circumstances, it's not too likely to be a worry unless someone is specifically targeting an attack at you.