Not a bug...
...just another undocumented feature. Just ask the designer.
Tickled me that they're now enforcing SSL for connections to their website. I bet that raises a few smirks there too. ;)
What I can't help wondering is... are we all expected to go on pretending that, just because they haven't been publicly unpicked yet, all the other, more recent NSA NIST recommendations are secure? Shirley not!([1],[2],etc...) Yet there would appear to be something of a PR campaign going on to achieve that! How quaint.
[1] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
[2] http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=1