[lvs]

I apologize in advance for the following unsolicited advice, but if there's anything that should have been learned from the press after the Gox implosion, it's that you absolutely must stay ahead on security and the perception of security. If you don't, the entire cryptocurrency ecosystem ultimately suffers. You have a responsibility far beyond your active userbase to be responsive and professional, rather than dismissive, especially when a whitehat is just offering up auditing. There's no obvious downside to rate limiting some types of API requests, so why not simply be responsive and do it?