David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.
The old stable distribution (woody) does not contain loop-aes-utils packages.
For the stable distribution (sarge) this problem has been fixed in version 2.12p-4sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.12p-9.
We recommend that you upgrade your loop-aes-utils package.