[smtddr]

This, or somebody is making a lot of money selling flawed security infrastructure and doesn't want anyone to find out.

But yeah, Do... Not... Report... security issues unless-

1) The company has a history of being "chill" with that kinda thing: e.g., Facebook, Mozilla, Google, etc.

2) You do it super-anonymously. Like, drive 3+ hrs away to a college campus you've never been at. Go into their computer lab when it's really busy. Create a new yahoo email account with a name that is opposite from any hobbies you have, through a proxy in another country. Send them an email not using your regular grammar style. Stay in the lab for 3 hours, send the email during the 2nd hour. That way, if there are any cameras in the room they won't just see one person walk in and walk out within the 5mins the email was sent. Then leave the lab and never return, never log into that email account again.... ever.

[welterde]

Or just use mixmaster or i2pmail. (also.. don't they have user accounts in the computer labs?)

[deluxaran]

That depends on what internal rules apply to the said university. For example the university that I've attended forced us to log in on Windows via LDAP but you could connect on linux without any problem without any account.