The CWP team should get to this, but their timeline is always opaque. Meanwhile, I myself am not too worried about it as a break-in vector, as my config is generally hardened, as is Postfix so I shouldn't become a UCE relay. Not being an open relay and rate-limiting your outbound mail flow will really make you NOT a juicy target for spammers.