This has been patched. Also, nobody lost coins due to this because normal users do not enable RPC. Also, admins who enable RPC to run specific services don't typically surf the internet with a browser and their wallet enabled.