I find it repeatedly shocking how stupid programmers are who work in supposedly security systems. Something like this is an absolute beginner's mistake! And such software is supposed to protect users from attacks from the Internet...
At heise online news there's the original article.