Thanks @dvcm
Appreciate your concerns but you’re a little hot under the collar. I suggest you take a step back and breathe.
We take security VERY seriously and are of course working on a patch to fix this. We’re not knowingly risking anyone’s site and that’s an unfair comment. There’s nothing to suggest we wouldn’t fix this. Why wouldn’t we?
A positive “hey this is broken? Did you see it? Please fix it!” --> would have been enough 
One of the strengths of Pulse is it’s security. Coming from a WordPress world of fixing site after site from exploitation we want a CMS were we don’t have to do that anymore. Which is what Pulse is and it’s aligned with our core values.
Pulse 4 is already awesome. A solid CMS deployed on 1,000s of sites. We use it regularly for client work also. Pulse 5 will be a big step forward and build on what is already there and make it even better.
If you were paying attention, Pulse 4.6.2 came out in December (Pulse 4.6.2 is here today with deeper blog migration and more fixes) - so we are still working on it - so of course it will keep being loved. Pulse 4.7 is around the corner with this security fix and a few other updates.
I think you mis-judge creating software. There’s nothing trivial about it and not paying for Pulse tells me all I need to know about you I’m afraid 
I’m closing this thread as having this conversation with you is meaningless as we know what we have to do and want to make Pulse the best CMS available for freelancers and designers. Pulse 4 is on the way there and we’re getting closer every day - so let us get back to work.
You’re free to stick around and buy it or go back to another system. Choice is yours but as you’ve not invested anything in Pulse except a little poking, I’d suggest a different tone next time 
Thanks 