The second security flaw is related to HTC phones with version of Android below 2.2. It's concerned with the automatic update of the Flash Lite plug-in, because it allows installation of software packages without the user's consent. This is a security loophole that may lead to other software applications (like malware, for example) being installed without the knowledge of the phone owner. The good news is that this was fixed with Froyo's release, although only one-third of all HTC Android phones have version 2.2 on board.
We are sure that Google is working on these (and similar) issues, but sometimes it is really unsettling when you know how easy someone can access information on your phone. Fingers crossed that in the very near future Google will deliver safer and better version of Android, starting with Gingerbread.