There is certainly a vulnerability.. however it's not as easy to execute as some people here believe.  There's a window and a "catch the running train" situation that must be overcome.  

I'd be interested in the proof of actually pull off a successful execution.  (not being sarcastic.. i really do want to see it done, and data/proof published so we can all have a look)