I posted a reply there asking this:

 

Is there any evidence these were "taken off" a PlayBook?

Or were the downloads intercepted? Apparently the App World data downloads (as opposed to the metadata and other interactions with the server) are done over HTTP. This is an issue some of us have just been analyzing in the dev forums.

Would be nice to see confirmation that this was the approach used. Anyone know? I'd be surprised if this really came off the PlayBook after it was installed there.

If it is that is a kinda scary to think that someone could get a file that easy.

It is. He posted links to the actual swfs.

 

This is shocking, to say the least. These things should really be encrypted!!!

Confirmed. It appears that performing a full backup using DM creates a ".bbb" file. The bbb file is a zip archive, and it contains not only app data, but also application binaries.

Reference:

wow that's really not good news, I think we should tell RIM to urgently do something about that

@sergeh, unfortunately it's unimaginable that RIM doesn't know about every aspect of such loopholes.

This means they've chosen to launch the product in this way, without informing the developers in advance of any aspect of it. They've also chosen not to support dynamic licensing properly for the PlayBook (apparently), to remove the Payment SDK for now with no warning, and not to release the Advertising SDK yet or in the near future.

Personally, I'm pretty much floored by all this, and have no idea what to do next, but it's pretty clear that the options for effectively and safely monetizing our apps are very limited at the moment. I would have been much happier to have known all these things four months ago...

My apps are WebWorks which means completely unprotected JS and CSS code. Nothing stands inbetween me and people stealing my stuff now. Great!

You can run a minifier/obfuscator tool, though of course that's only of limited practical use... I'd been doing the same anyway, just in case it helped with performance.