SOAP security hole [was: Re: Squeak map colours]

Ramon Leon ramonleon at cox.net
Tue Sep 26 06:45:09 UTC 2006


> The second is that it uses #readFrom: of Object which just evaluates
> the contents of the stream and checks if the result is a boolean.
> 
> Impact:
> Any host that can send a SOAP message to a Squeak server or client can
> execute arbitrary Smalltalk code in that image.
> 

Ouch, guess I won't be hosting any web services in Squeak.  None of this 
affects me though, since I'm only using it as a SoapClient, and I 
control the server side services, so I trust them.  But thanks for the 
warning, guess I'll continue using .Net for writing all my Services and 
Squeak for the web GUI against those services.
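An added hardening sketch for the decoding step the quoted report describes; it is not code from this thread or from the Squeak SOAP package, and the class and method names are hypothetical. In Squeak, `Boolean readFrom:` resolves to `Object class>>readFrom:`, which hands the stream text to the compiler; the replacement below matches the four xsd:boolean lexical values and rejects everything else without ever evaluating it.

```smalltalk
"Hypothetical class, not part of the Squeak SOAP package."
Object subclass: #SafeSoapDecoder
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'SOAP-Hardening'.

SafeSoapDecoder class >> decodeBooleanFrom: aStream
    "Answer the Boolean encoded by an xsd:boolean lexical value
     (true, false, 1, 0) read from aStream. Unlike Boolean readFrom:,
     which goes through Object class>>readFrom: and evaluates the text
     as Smalltalk, this only compares the token against the allowed
     spellings, so untrusted SOAP input can never run code here."
    | token |
    token := aStream upToEnd withBlanksTrimmed asLowercase.
    token = 'true'  ifTrue: [^ true].
    token = '1'     ifTrue: [^ true].
    token = 'false' ifTrue: [^ false].
    token = '0'     ifTrue: [^ false].
    "Anything else is a malformed or hostile message: fail closed."
    ^ self error: 'Malformed xsd:boolean value: ', token printString

"Workspace usage (the call sites in a decoder would replace
 'Boolean readFrom: aStream' with the line below):"
SafeSoapDecoder decodeBooleanFrom: ' FALSE ' readStream.
```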
