ToContainsFilter etc. exploit?

Since ToContainsFilter use substring matches, JID strings like "" will be matched by "", which is a user on a completely different server.

I’‘m not sure if anyone is using this feature to provide any sort of security (e.g. to identify a bot’‘s ‘‘master’’), but if you are, I’'d probably advise against it for this reason.