The proposed fix does not work. How about placing a .htaccess with deny from all in the data and torrents directories ? I'm not sure that there is a vulnerability. My version of blogtorrent (<0.92) has automatically created the .htaccess...