Comment 3 for bug 1204000

Yes, I think this is reasonable to fix in the open without any announcement. The situations under which this could be maliciously exploited are arguably contrived and would require some contributing vulnerabiity (ability to force reboot of a provider's server, et cetera).