FYI All your subscriber's emails are accessible at https://whiteboardfree.com/email_subscribers.json since you didn't put any authentication on those endpoints. It's a basic Rails app so I'm guessing other users may got a hold of the list already.
So you're telling me that someone who created a site to post job adverts for jobs that don't test programming skills, has managed to write a security vulnerability into the site? Never!
I don't agree with making candidates write algorithms they don't need to know in a format that they don't need to be able to write them, but I am in favour of testing candidates thoroughly.