Yes, I read this today along with the news that the Feds have settled their anti-trust suit, agreeing to a clause that allows MicroSoft to keep any protocol involving "security" secret. This will allow them to not only plunge forward with Passport and other .NET pieces without being required to publish protocol details but to continue their "embrace and extend" efforts to replace open, standardized protocols.
<p>
So...
<p>
Does Bill Gates keep his credit card information in Passport?
<p>If so, the author of this exploit is far more scrupulous than me :)