Just a friendly reminder: if you discover a security issue with a module, DrupalModules.com is not the appropriate place to report it. Security issues should be directed to the security team. Thanks!
PS: If you're not subscribed to Drupal Security Announcements mailing list, you should be! :)
"This is such a simple module to use I rated the documentation as five, even though I have not even looked..."
"This is a bit mind-boggling that this wouldn't use tokens. So all emails are generic, with no customization..."
"This module is great, most of Drupal's weakness has been in people not understanding it's administration..."