Lately security email address became a honeypod for seo spammers. So… if we still need this address (security issues are still not addresed quickly or at all, so maybe it is enough for people to report them in the forums like the rest stuff), maybe we should change the address, say to sec_issues, sec_report or something like that and then mask it better in the announcement and other documents.