Just out of curiosity what was the intended use for it in Electrum?
AFAIK this is the way the servers communicate with the clients that connect to them. For example when you send a transaction with low fee you receive a message telling you why your transaction was rejected with a "low fee" message, or if you broadcast a message with wrong signature,... you'll receive another message, and so on.
The problem is that these messages (which are normally bitcoind responds) could be anything instead of being hard coded in the client and being predefined.
As kano stated the feature is not like the old alert system in core that required keys before alert messages could be sent to the network.
Of course the core alerts required a key (which also was compromised at some point prior to the system's retirement) while Electrum messages can be sent by anyone. And I do realize that it wasn't a good example but there is a good similarity there, which is why I mentioned it in first place.
For starters both cases are following a similar not-predefined message structure which the sender decides what to send. So the message could display anything including a link.
So that's your excuse for not doing anything about it when core started dealing with, quite a while ago, their WAY more secure method than yours?
And your argument is also hiding the facts.
The 'compromise' in security was not certainly know, and was not due to the secure method they used, but certainly assumed to be correct when MtGox was taken control by 'authorities' in Japan.
The assumption was that since Mark also had a key, the key was probably in the possession of 'the authorities'
Your example given is pointless at best, since there's really no comparison.
... are you gonna give up this pointless argument that anyone with any understanding of security would not argue? or continue digging your own grave with it?