Posted by Mario Vilas on Aug 05

%APPDATA% is within the user’s home directory – by default it should not be
writeable by other users. If this is the case then the problem is one of
bad file permissions, not the location.

Incidentally, many other browsers and tons of software also store
executable code in %APPDATA%.

I think “security nightmare” may be a bit of an overstatement here. I’ll
refrain from panicking about this “issue” for the time…