I agree this is scary, but I wonder if it's gotten blown out of proportion. It looks like only an unsigned copy of the app is exposed, which makes casual piracy hard since without jumping through hoops with developer tools, users can't run an unsigned app on the PlayBook. Someone would have to stick their neck out by registering with RIM as a "developer" in order to re-sign pirated apps... and RIM could easily put a stop to that by revoking their signing privileges.
It sucks that the SWF itself is now easy to get at, but I'm not even sure that makes much difference. Think of the kind of person who could successfully rip off your app using the SWF -- someone who could decompile the bytecode, understand the decompiled code well enough to rip out your branding, and remove all the QNX dependencies from it. Do you really think a hacker like that wouldn't find some way to get the BAR file off the device anyway?
Still, I hope RIM issues a public response soon, if only to show they're responsive to the developer community's concerns...
- Peter
