I welcome peer review, which is why I publish all this stuff, and why I repeatedly ask people to verify my code. If you've actually found a way to circumvent the apphash verification routine, I would be delighted to hear about it and would lovingly craft a fix immediately.
Why should anyone help you hop onto the endless cycle of "while (1) { find browser plugin evasion tactic; patch }" when it can be avoided entirely by taking a different approach? Especially when your claims of "host-proof security" don't mandate use of said plugin?
Send me a note once you hit a million downloads of the plugin. Perhaps you'll be more willing to listen then.
So... I'll take it that means you haven't discovered a way to circumvent the verification, and you're just being shrill for effect. Send me a note once you have - I'm always happy to receive constructive criticism.
