@mike
Yeah, I agree that the headline is hyperbolic.
However, the cross-site-scripting vulnerability seems pretty significant. The idea that someone who manages to inject a bit of javascript into a website would be able to send span signed with my private key is pretty alarming. Not *too* alarming right now, because they'd have to inject JS into #facebook, #twitter, or #reddit, or #hackerNews.
Even so, it seems like a big enough vulnerability that I wish they'd taken it more seriously.
@kev