Or it sounds like the mainline client does validation of the protocol message. Perhaps this could be broken out into a library that everyone could use to validate the protocol message before it was sent?
No, it's not a flaw. You can read the chatlog I pasted on page 2 for more information on why.