The admission system was based on what is technically called “bearer” tokens (wristbands). Such tokens are NOT actually personalized in any way, or tied to the identity of the person they are given to through some kind of proof. If you “have” the token, you ARE the bearer of the token.

There's a lot of ideology to get past in teaching people about security

There's an easy solution if this hits you. Just roll back to Firefox 2.0.0.1 till the problem is fixed.

A cracker gained user-level access to one of the servers that powers wordpress.org, and used that access to modify a download file...

Via the always surprising Pamela Dingle...

You might think I would be abandoning Wordpress. But I won't. I like it and want to continue to explore what it is like to work with it.