Or it sounds like the mainline client does validation of the protocol message. Perhaps this could be broken out into a library that everyone could use to validate the protocol message before it was sent?
No, it's not a flaw. You can read the chatlog I pasted on page 2 for more information why.
Must've been quite exhausting to keep arguing for such a long time with the guy that just seemed to refuse to even consider your viewpoint. I really admire your patience there, genjix.