Also the InstantSend vulnerability was described in more detail at the Dash Conference : https://www.youtube.com/watch?v=d8ExmIqRqOk
(see the 40 minutes marker)

Basicly it has to do with how InstantSend can revert back to previous blocks (even after it got confirmed through proof of work).
A masternode owner with six masternodes could take advantage of that by calculating high scores for their own masternodes
by making a lot of InstantSend transactions offline.

Currently the fix to that vulnerability is :

* making it impossible for Instantsend to revert back to older blocks
* the calculatescore now includes a need for 15 confirmations, before it can calculate the score. This means a pack of 6 masternodes can not calculate/influence their score
   offline anymore.  

InstantSend is currently disabled through a spork and will be fixed in Dash update 12.2

Note 1 : as the fix is still work in progress, the code could still be subject to changes.
Note 2 : above mentioned InstandSend vulnerability and the planned fix is what i summarized from the presentation, it could be subject to misinterpretation from my side.