Judging by the bitcoin-central Github repo, I'm wondering if this isn't due to the version of Rails they were using:

https://github.com/davout/bitcoin-central/blob/master/Gemfile#L3

3.1.3 had a slew of security patches this year: http://www.cvedetails.com/vulnerability-list/vendor_id-12043/product_id-22568/version_id-129541/year-2012/Rubyonrails-Ruby-On-Rails-3.1.3.html

Of course, just because this is on the Github repo, doesn't mean they are using this code in Production.