If you've discovered a vulnerability in MailChimp, please—for the love of all things holy—don't share it publicly. There are a lot of accounts and email addresses at stake here. Send any urgent or especially terrifying problems to firstname.lastname@example.org. Use our public key to keep your message safe. We'll get back to you as soon as humanly possible (apologies in advance if we take the time to fix the problem before we respond).
MailChimp, and the entire email ecosystem, thanks you.