The researcher who rang alarm bells about a serious Javascript security hole in the popular Mailbox iPhone app, says that there is still a problem - even though the company itself believes it has resolved the issue.