is this the hacker target the guy earlier in the week was talking about? put in your gmail creds, they get swiped up and you lose your gmail account? This would be the exact thing that would get lots of hacker news accts :)
Don't you have this problem with any 3rd party email client that doesn't use OAuth? With bigger projects it's going to be pretty improbable that a malicious commit will get pushed to the trunk, but still, with small projects and hacks like this it's always a possibility.
I was more talking about someone posting a thread on HN earlier in the week that said someone was going to post something to fuck with HN users to get their personal info.
