Finding the second attack was a result of playing around with this, and looking at the client-side JS code.
Finding the first attack was somewhat accidental while trying things in the JS console that I actually expected to fail.
The first is a whitelisted function which allows querying the DB. This does check for permissions but there aren’t any on child tables, so…
The second is because check_parent_permission is trivially (almost embarrassingly) avoidable - it would be OK if intended only for use by trusted code, but not for stuff from outside.
It’s been nearly 2 weeks since I sent emails off, with no response, so I assume there is no interest, and I will post them here so people can discuss/develop patches.