Holger, i agree that this is not as a big vulnerability as it seems. But as the key itself is available freely on the Internet, one can find it and use to decrypt passwords if he gets someone's properties file somehow (say someone's share it in the forums to investigate some issue without knowing he is actually sharing his passwords in almost plain text).
↧