Security announcements

MSA-14-0028: Cross-site scripting possible in external badges