Obviously, I trust you to know about these things, and you point to other bad examples which I'm not familiar with. In this context, though, code execution isn't necessarily important (though I'm sure that's a dream scenario). The ability to snoop on assumed-secure traffic is a pretty sweet starting point.