I admit I only skimmed the actual article. But just by reading your post you're just telling us that when the client's security is compromised, the client's security is compromised. And you should never trust a client. All this can't be news.
What does an actual exploit look like?