[eksith]

Not directly, no. But anecdotally, and on rare occasion, I've heard of legal teams jumping to conclusions etc... and really coming down hard on people who disclose to former employers.

At this point, the option with the fewest risks to your name, if you chose to use it in the disclosure, would be to exclude any mention of the live site completely. Make it appear so that this is only something that you came across on the code and, with your best linguistic poker-face, strictly keep to the code alone without even marginally grazing the live site.

Besides that, you should try and relax a bit. I know, it's easy for me to say, but that will help you come up with the right words. You also have to keep in mind that even though it's a pretty serious bug, it's still A bug. This will far from destroy the company if fixed immediately, as you say, it's a pretty simple fix. You shouldn't imagine the worst case scenario.