This makes sense and I see it, but there is one matter which gives me pause; when I came to submit the issue, there's some kind of standard severity rating system, which you have to fill in. Questions like - can this issue be exploited over a network, or do you need local access? how many privileges are required? what's the consequence of the issue - degraded service, complete denial of service? questions like this. The issue here fitted into this framework of questions - there was no point where it didn't fit, and the severity rating system was evidently thinking in different terms.