afaict its false because they have hardcoded a key into the client.

therefore the server cant assign different RSA keys to different clients to map their inputs/outputs.

fd0 was premature in thinking the vulnerability hasnt been addressed.

https://bitcointalk.org/index.php?topic=5547639.msg65512594#msg65512594