RE: [Security/Bug Report] Steemit.com is vulnerable to "Slow Post" and "Slowloris" DOS attacks

in #security, 8 years ago

Thank you for your efforts, @spaced. Maybe the Steemit team could create a https://bugcrowd.com/ account and handle bugs that way? I'd imagine there's an incentive for them to not publicly want their issues aired out, especially if they could be exploited before being patched. Responsible disclosure and all that. I think visibility on this stuff is incredibly important, I'm just not sure this is the best medium for it regarding everyone's best interests.

Also... boobs and cat pictures. People like silly things and the audience for a deep-dive technical analysis of security vulnerabilities is small (though I enjoyed this).

Anything that is too dangerous to share publicly will be disclosed privately to the developers directly.

Thanks for that. The world needs more white-hat security professionals like you. I hope your efforts are properly rewarded.