I think it's an older issue. Before it was sold, GEDmatch was ran by several part-time developers. It was running some old PHP 5 version the last time I checked. In general I advise to be very sceptical of amateur-ran genealogy sites - I know of at least 3 search engines with obvious SQL injection issues (which allow me to run better queries, but still). All of the major commercial sites had some sort of leaks as well (I'm not sure about FamilySearch).
