Forum OpenACS Q&A: Response to Ben's scary authentication bug.

Posted by Adam Farkas on
What worries me about it is that most web services that exist today are built for the "lowest common denominator".

That is, convenience is king. Security isn't that important. Don't make the user lift a finger unless absolutely necessary.

Look at the race for "1-click" capabilities at e-commerce sites as an example -- I'd be really surprised if the majority of these systems had properly implemented security.

My sense is that many of these systems would be vulnerable to this type of bug. [In fact, how is Amazon 1-click done, anyway?]

What scares me is not so much that these bugs exist, but that I don't know which systems they impact...