As much as this was done irresponsibly, is a fix planned for this? CSRF is, by now, a widely investigated field of web application development; most of the mystery is gone. To borrow a term from The Old New Thing, it's one of the taxes everybody has to pay.