From Net-Security.org: "The implementation of private notes on plastic.com's
Slashcode-driven site is insecure. Any logged in user can
view any message in the system.
After logging into the site as a user,
(where m_id= a given message's ID) will display the
message, even if you weren't the user that the message
was sent to."