GD it. I just tested this on one of my lower-traffic forums. It is a real exploit. It does require some programming skill to exploit, but it's a very real threat unfortunately. It's actually easier to do on SMF 1.X than 2.X, but it still requires a boatload of custom programming. Basically it comes down to attempting a ton of hex codes.
The faulty code is this:
if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10))
It should be found in /Sources/Reminder.php, though the line # is going to vary based on mods. Changing it to !== should do the trick, as one of the redditors pointed out.
Just FYI, it's always better to PM theymos with these sorts of things so he can apply custom patches/edits. Making a thread about it does increase the likelihood it will be patched, but it kind of assists anyone wanting to target this forum in particular.
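
The behaviour behind the `!=` versus `!==` change mentioned in the post above, as an added example that is not part of the original post or of SMF's code. The function names and the sample 10-character prefixes are constructed for illustration, and `hash_equals()` is shown as a further hardening option that the post does not mention.

```php
<?php
// Added illustration, not SMF source. Function names and sample prefixes are constructed.

// Loose comparison, as in the quoted check: when both operands are
// numeric-looking strings, PHP compares them as numbers, not as text.
function prefixes_differ_loose(string $stored, string $submitted): bool
{
    return $stored != $submitted;
}

// Strict comparison, the change suggested in the post: same type and
// same bytes are required, so no numeric conversion takes place.
function prefixes_differ_strict(string $stored, string $submitted): bool
{
    return $stored !== $submitted;
}

// Constructed hex prefixes standing in for substr(md5(...), 0, 10).
$cases = [
    ['0e12345678', '0e87654321'], // both parse as 0 * 10^n = 0
    ['0000001234', '1234e00000'], // both parse as 1234
    ['a1b2c3d4e5', 'a1b2c3d4e5'], // identical, non-numeric
    ['a1b2c3d4e5', 'a1b2c3d4e6'], // different, non-numeric
];

foreach ($cases as [$stored, $submitted]) {
    printf(
        "%s vs %s  loose: %-6s  strict: %-6s  hash_equals: %s\n",
        $stored,
        $submitted,
        prefixes_differ_loose($stored, $submitted) ? 'reject' : 'ACCEPT',
        prefixes_differ_strict($stored, $submitted) ? 'reject' : 'ACCEPT',
        // hash_equals() is a byte-wise, timing-safe string comparison.
        hash_equals($stored, $submitted) ? 'ACCEPT' : 'reject'
    );
}
```

Only the first two rows differ between the columns: the loose check accepts prefixes that are different strings but equal as numbers, while the strict check and `hash_equals()` reject them.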