This only affects a specific form that the user might interact with once a year (and that's being really optimistic), I don't really see it generating enough requests to make TLS attacks easier.
If it increases the attack surface at all, it makes it easier. Being that this site facilitates monetary transactions, I would hope they would be trying to limit their attack surface in any way possible.
I think the real point here is that there are more secure solutions. Saying that it's not all that less secure isn't a great argument.
>I think the real point here is that there are more secure solutions. Saying that it's not all that less secure isn't a great argument.
I'd say it's a very good argument, this appears to be a non-issue that doesn't justify the dev time spent on "fixing" it. We don't live in a world with infinite dev resources.
Edit: Since someone appears to disagree, how would you exploit this "bug"?
I think the real point here is that there are more secure solutions. Saying that it's not all that less secure isn't a great argument.