Something Old

The linked security report designates the free account creation capability on Radio Community Servers (which applies to all xmlStorageSystem based servers, for example also to Python Community Servers) as a major security hole and recommends that everyone running a Community Server shut it down. Reading through the whole thing, the problem is as follows: anyone can create a user account on a Community Server via XML-RPC (which is what the clients use) through the xmlStorageSystem API and fill it with content. In other words, anyone can place arbitrary files on the Community Server. A nightmare for many system administrators. For me, this is a classic conflict between open systems (not in the technical sense, but in terms of communication) and closed systems. Proponents of closed systems will of course always point out the security problems associated with open systems. Proponents of open systems will of course always point out the communication and usability hurdles associated with closed systems. Both are right.

But what exactly happens when such an open system is abused? In essence, data gets published. There is no directly accountable party, since the details given at registration can be faked. The administrator has to react after the fact - someone points out illegal content, the administrator blocks the corresponding account (and with it all the files stored there). Of course, in today's paranoid times, this is not secure enough for many - but is it really as catastrophic as the security news makes it out to be?
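To make the two preceding paragraphs concrete, here is a small model of such an open storage server and of the only control its operator really has: blocking an account after the fact. This is an added illustration written for this page, not code from a Radio or Python Community Server and not the xmlStorageSystem API; the class and method names, the in-memory storage and the quota are my own assumptions. The point it shows beyond the text is which facts are worth keeping: the e-mail address and name given at registration are unverified and can be faked, but the address the registration came from and the time it happened are observed by the server itself, so they are what an administrator will actually have to go on when a report arrives. A registration switch is included because temporarily closing registration is the usual first reaction to a wave of abuse.

```python
"""Toy open-registration file store with reactive moderation (added example).

Not the xmlStorageSystem implementation; method names and storage layout are
assumptions made for this illustration.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str             # self-asserted at registration; nothing verifies it
    password_hash: str
    registered_from: str   # remote address seen by the server: not forgeable by the client
    registered_at: float   # server clock at registration
    blocked: bool = False
    files: dict = field(default_factory=dict)   # relative path -> file text


class CommunityStore:
    """Anyone may register; anyone registered may store files; the operator
    can only react: block an account and every file it stored goes offline."""

    def __init__(self, max_bytes_per_account=1_000_000, clock=time.time):
        self.accounts = {}
        self.max_bytes = max_bytes_per_account
        self.clock = clock
        self.registration_open = True   # flip to False to run "more restrictively"
        self.audit = []                 # (time, event, email, detail)

    @staticmethod
    def _hash(password):
        # Placeholder for the example only; a real server would use a salted KDF.
        return hashlib.sha256(password.encode()).hexdigest()

    def register_user(self, email, password, remote_addr):
        if not self.registration_open:
            raise PermissionError("registration temporarily closed")
        if email in self.accounts:
            raise ValueError("account exists")
        now = self.clock()
        self.accounts[email] = Account(email, self._hash(password), remote_addr, now)
        self.audit.append((now, "register", email, remote_addr))
        return True

    def _authenticate(self, email, password):
        acct = self.accounts.get(email)
        if acct is None or acct.blocked or not hmac.compare_digest(
                acct.password_hash, self._hash(password)):
            raise PermissionError("bad credentials or blocked account")
        return acct

    @staticmethod
    def _safe_path(path):
        # Keep every upload confined to the account's own directory.
        parts = path.split("/")
        return bool(path) and not path.startswith("/") and all(
            p not in ("", ".", "..") for p in parts)

    def save_files(self, email, password, files):
        """Store {relative_path: text}; returns the number of files written."""
        acct = self._authenticate(email, password)
        for path in files:
            if not self._safe_path(path):
                raise ValueError(f"rejected path: {path!r}")
        merged = {**acct.files, **files}
        if sum(len(t.encode()) for t in merged.values()) > self.max_bytes:
            raise ValueError("per-account quota exceeded")
        acct.files = merged
        self.audit.append((self.clock(), "save", email, sorted(files)))
        return len(files)

    def read_file(self, email, path):
        """What the public sees: None once the account is blocked."""
        acct = self.accounts.get(email)
        if acct is None or acct.blocked:
            return None
        return acct.files.get(path)

    def block_account(self, email, reason):
        """The reactive control; returns how many files just went offline."""
        acct = self.accounts[email]
        acct.blocked = True
        self.audit.append((self.clock(), "block", email, reason))
        return len(acct.files)

    def accounts_registered_from(self, remote_addr):
        """Follow-up after a report: other accounts created from the same address."""
        return sorted(a.email for a in self.accounts.values()
                      if a.registered_from == remote_addr)


if __name__ == "__main__":
    # Constructed sample session: register, upload, get reported, get blocked.
    store = CommunityStore()
    store.register_user("anyone@example.invalid", "hunter2", "203.0.113.5")
    store.save_files("anyone@example.invalid", "hunter2", {"index.html": "<h1>hello</h1>"})
    print(store.read_file("anyone@example.invalid", "index.html"))
    print(store.block_account("anyone@example.invalid", "abuse report"),
          store.read_file("anyone@example.invalid", "index.html"))
```

Note what the model does not do: it does not authenticate the person behind the account, because it cannot. The path check and the quota limit how much damage one account can do to the host; the audit list and the lookup by registration address are what turn an anonymous upload into something an administrator can act on.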

What about wikis - anyone can write anything there. Some wikis allow file attachments - so anyone can upload files. What about forum systems like Advogato, Kuro5hin or similar - anyone can post anything there, sometimes even anonymously. All wide open barn doors? Or is it not perhaps simply the case that there are systems where openness is just a feature?

Of course, every open system will eventually be abused by clowns who think it's absolutely cool to leave virtual graffiti everywhere - nearly every larger wiki goes through this phase more than once. But there are mechanisms for noticing such activity in time and responding to it - sometimes you just have to run the system more restrictively for a while. Should we really do this in the long term only with protective walls and barbed wire?

Do we really only want to open ourselves to the world after presenting our ID cards and police clearance certificates? Somehow that's too boring for me, sorry. So I continue to maintain - contrary to the recommendation in the referenced article - an open Community Server where anyone can set up their own blog. Because that's what the Community Server is for.

Here's the original article.