Never saw this email that supposedly was sent to me, but I did run across a patch on CPAN a user sent me referencing this post. I have updated the module to use only bind parameters to guard against this issue. It's currently pending on CPAN