Thanks for the info; it seems there are a lot of issues in using them. I'm surprised, though, that it took this long for it to turn up. Maybe it's a recent flaw with an update to the API? Maybe they'll give you a reward for finding it.
This is NO RECENT FLAW!
The default Bitcoin wallet (back in the wxWidgets times) used to be able to spend 0conf inputs. People used this to scam other people, and those 0conf-sourced transactions wouldn't ever confirm. This is why this got removed from bitcoin-gui in the first place. This was almost 2 years ago, I think!