Fixing security holes without disclosing the problem to the public.. yup I've seen that before from openbsd