Both of the above issues are no longer vulnerabilities in the production gridcoin client. There's the edge case of attempting to steal a cpid when a beacon expires but we can delete the beacon or the pool could force a cpid change.
You really aught to follow the developers responses to this on slack, you're behind on information.