Hi!
Thank you very much for reporting this back to me!
I will look into this in more details, but fortunately this is only a back-end accessible file inclusion. Basically only the logged in administrator could maybe do something with it, it is not accessible for anyone else. Nevertheless I will definitely change it, just in case.