Praise isn't warranted when they knew stuff like this existed, but they hid behind the "encoded" veil. These fixes are released multiple HOURS after it is PUBLICLY released on sites such as localhost.I know it can be frustrating to have to update your install but in my eyes finding and patching these exploits is a good thing. Recently a lot of security professionals and companies have been researching and discovering items in WHMCS and other hosting industry softwares. The fact WHMCS is acting and releasing these fixes in a timely manor is a good thing.
Obviously we would all hope for flawless products but thats a pipe dream. Even more when your product has to connect and interact with so many other products. Do not be shocked if there are not a few other "roll up" updates coming down the road from WHMCS.