The big question is how long has this been going on and has someone actively exploited it?
This is simply Gox's problem, as they shouldn't follow the transaction flow this way in the first place.
It's wrong to think this is just Gox's problem. It's a problem of Gox's customers (a large part of the Bitcoin community), and this is a problem of Bitcoin's public image. When "the oldest and at one point the biggest bitcoin exchange" is run by such a moron, that taints the whole community.