hmm...

I would expect them to be designing out the security flaws from day one, but then not everyone works that way. I have worked with developers who build up and out until they have a skeleton app and then flesh it out and fix problems as they go - not my personal preference, but it takes all sorts.

Over and above that - this is a pre alpha release right?