I agree. Discovering the local path may be considered a risk, but in most cases the risk is nil. Consider compiled binaries. They also leak paths of the developer's compile environment (mainly PDB - http://support.microsoft.com/kb/121366). E.g. My firefox.exe is: e:\builds\moz2_slave\win32_build\build\obj-firefox\browser\app\firefox.pdb This reminds me of the iPhone worm. Everyone knew about the default root password years ago... it is not like people weren't already scanning for gaolbroken phones before worms were released >:) Then again, the worm brought attention to the fact. PDF's are mainly used for two reasons: 1) Prevent end-user modification 2) Because Microsoft Word conceals information & tracks changes etc, and too many government & enterprise organisations have been bitten by it that PDF is a rule of thumb. At least in my experience. Considering that, perhaps for the PDF format specifically this could be an issue, under the assumption that consumers use PDF /specifically/ to prevent data leakage. -Patrick
