Apple credited me with reporting the bug "CVE-2008-2314".
CVE-ID: CVE-2008-2314 Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3 Impact: A person with physical access may be able to bypass the screen lock Description: When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password. This update addresses the issue by disabling hot corners when the screen lock is active. This issue does not affect systems prior to Mac OS X 10.5. Credit to Andrew Cassell of Marine Spill Response Corporation for reporting this issue.
December 1, 2008