Also the InstantSend vulnerability was described in more detail at the Dash Conference :
https://www.youtube.com/watch?v=d8ExmIqRqOk(see the 40 minutes marker)
Basicly it has to do with how InstantSend can revert back to previous blocks (even after it got confirmed through proof of work).
A masternode owner with six masternodes could take advantage of that by calculating high scores for their own masternodes
by making a lot of InstantSend transactions offline.
Currently the fix to that vulnerability is :
* making it impossible for Instantsend to revert back to older blocks
* the calculatescore now includes a need for 15 confirmations, before it can calculate the score. This means a pack of 6 masternodes can not calculate/influence their score
offline anymore.
InstantSend is currently disabled through a spork and will be fixed in Dash update 12.2
Note 1 : as the fix is still work in progress, the code could still be subject to changes.
Note 2 : above mentioned InstandSend vulnerability and the planned fix is what i summarized from the presentation, it could be subject to misinterpretation from my side.