Any insights into the exploit? Obviously the bug here is that they got the IP without any confirmation from me; ideally Skype should be popping up the "new buddy request" dialog, but it's not.

So is this a fixable leak, or something core to the protocol (i.e. do you request a buddy P2P too?)