I've sent email and posted to comp.lang.ruby as well. Hopefully this will get some attention. But if you are using WEBrick for any public production web sites, which most do not, then don't until this is fixed:
http://rob.muhlestein.net/2006/12/webrick-security-flaw.html