All possible means of bypassing the normal operation of the module are considered 'vulnerabilities'. You can freely report them with and issue to vulnerabilities section.