This only affects people who use ssh as an unauthenticated access mechanism. That already requires a fair bit of config to do securely, but this is a bug in their configurations, not ssh. The default of allowing TCP forwarding is very useful, and in the normal use of SSH, results in no less security. The defaults should be secure for normal uses of ssh, and it is secure /shell/ after all.