ok so i jsut got around to looking at this. All i can say is WTF... and not to you guys but to us...
Something was enabled in the client-side squirrel scripts which allowed this. No idea who did it (it may have been me in the early hours of the morning...) but those functions have now been removed. Atleast i hope thats what they were using otherwise i'll have to have another look.
Oh and with regards to the XP discussion in the topic, Get off XP you pleb. An XP box can be compromised in seconds and its actually what we use to teach apprentices security where i work. We setup a bench of XP machines and show them how they can be broken without even touching them. And yes, they have all the updates, a firewall and an up-to-date antivirus installed.
Plus, it's a pain to maintain software for XP these days. Chances are that the next LU update, which fixes these issues, won't work with XP. Mainly because it's effort to install the stupid XP targetting pack in VS2015. My current test builds will not run on anything older than Vista. The upsides to this is there are certain security and performance features which can now be activated.
Dropping XP support is to save you guys who insist on staying on it. If you have a machine that runs XP, DO NOT CONNECT IT TO THE INTERNET.