Hiro: Weak crossdomain.xml

The e-mail list management service used by Blockstack operated by MailChimp has a lenient cross-domain flash policy -- this is not a vulnerability, however, the crossdomain.xml used by the mailing service is more lenient than used by normal web services...