Thanks. I thought I looked there, but clearly not hard enough.
Is there a specific method for reporting security-related bugs? While the bug I found isn't a security vulnerability per se, it does have security implications. Since Pac is no longer maintaining speedrun.com, the post on the first page of this thread doesn't really apply anymore.