It's actually worse than just the None case Jens mentioned: I can use any random string and create a default security group for it, as 'None' is what is actually being used for the project ID, not the Python None.
And I verified that quotas will not catch this; I was able to create default SGs for more than 10 "project IDs" successfully.
I started looking at the code but it's end-of-day here so will look further tomorrow.
But I'll change this to Critical to get some eyes on it.