The creator of http://guntada.blogspot.com emailed Tech Crunch to explain a security loophole.

If you�re already logged in to any Google account (Gmail, etc.), and visit that site, he�s harvested your Google email. And proves it by emailing you immediately.

This isn�t a particularly dangerous exploit, but it sure is something a lot of people would love to have on their own sites. The ability to harvest emails from anyone already signed into Google, not to mention just see exactly who�s visiting the site, is extremely valuable. See the second comment thread here for a related issue with App Engine a month ago.