And suppose someone is looking over your shoulder while you type your user ID and password? Or someone obtains your customer's data from an unsecured backup? Or men in black hats compromise your system? Or uses a tri-vector amalgamation and a confluence of end user lack of preparedness and old patches?
It's a problem of arbitrary complexity alright.
(Yes, I'm messing with you, in good humor on half a cup of coffee.)
This is all very interesting but pointless speculation since you have not yet read the advisory and/or come up with examples of how to use it. You are just speculating and mixing up security terms.
Which is all fine; but if you want to talk about this advisory please stay focused on what it supposedly addresses. If you want to go off into never neverland, well, indulge and have fun speculating about "what if"s.
When you can demonstrate something real and tangible regarding this advisory great. See my reply above this one for the e-mail to send it to. If you want to play "what if" then, sorry but you don't know what you are talking about.
Moving on before this or I get mod-zapped...