Thanks for taking the time to report these issues!
We take security very seriously and will look into this in more detail and let you know what we find.
I would like to take a moment to ask that, in future, you share issues like this by email (or else open a topic and then share the report details via a follow-up private reply): this is simply to guard against the possibility of legitimate security issues being exposed publicly when they don’t have to be, as there could be consequences for many other users in such a case.
Again, our thanks for highlighting this and we’ll report back after we’ve had a chance to verify the cited problems.