Will someone please answer me a stupid question (I'm sorry, as I'm not really proficient in the protocol)? As I understand it, MtGox sent a transaction with an obviously invalid protocol message. Shouldn't messages like this be rejected by the network? It seems like a large hole to have open, especially if Bitcoin becomes very popular and more people start writing (possibly flawed) code to use it.
Or it sounds like the mainline client does validation of the protocol message. Perhaps this could be broken out into a library that everyone could use to validate the protocol message before it was sent?