This is exactly why I've been saying we shouldn't trust closed-source crypto software, apparent "backdoors" like this are a ticking time bomb for user security. Zero-day exploits are bad enough, but when you add intentional vulnerabilities to the mix...