"It does however
1) increase the chance that the account can be stolen.
Not correct. The owner key has ultimate control over an account and the
issue only concerns the active authority.
Even if someone managed to access the active authority (by stealing 3
out of four keys), all the attacker can do is to take the funds and
change the active authority. The latter can be reverted by the owner (in
this case the committee-account)
2) It effectively removes the ability of the committee to add or remove
active authorizations (ie other committee members) to the account. This
instead needs to be done by the existing active authorities until this
bug is fixed. "
Need to check on this ..
It should certainly not be the case!