Yes, don't trust me, please. I am human and will make mistakes.
The CSRF vulnerability on ClearCoin is fixed. I will be contacting any ClearCoin customers who have changed their refund addresses to make sure that they were not the victim of a CSRF attack.