Since they have Kristin Paget on staff now, and showed up at Defcon looking for people to poke holes, I am confident that they are taking security VERY seriously.
As for the "flaw" in the REST auth, I have yet to see a flaw demonstrated that is not straight social engineering or phishing. Even...