It really worries me when I stumble across an insecurity in a website. I don't go looking for them, but when I find one, I feel like I have a responsibility to do something about it. I don't mean tell the world about it – that would be bad for the company and more importantly for their unsuspecting customers, I mean to let them know.
In the case that I found today, I have used the "Contact Us" part of the site, and will call their head office myself tomorrow if I haven't heard a response. I really hope they take me seriously. I will offer to help them out to resolve their problems of course, I have no desire at all for them to be hacked.