automatic connect to _unsecured_ network should not be possible

[Henning Moll <newsScott gmx de>]

I posted my question already at 
https://answers.launchpad.net/network-manager/+question/26326 but 
didn't get a satisfying answer. Here's what i wrote:

---snip---
Im not sure whether to file a bug (or enhancement) for the following 
issue:
Suppose you are connected to a _secured_ AP with SSID "XYZ". Fine. Now - 
for any reason - this AP is not running/visible/..., but another 
_unsecured_ AP "XYZ" (same SSID!) is available. (Maybe it is 
neccessary, that it uses the same MAC address. Due to lack of 
hardware/knowledge i can't verify that).
Knetworkmanager automatically connects to that unsecured network, while 
the user is still thinking using the normal secured network. A security 
problem?
I don't know, if it is possible to "overlay/hide" a network (using more 
power, another channel...)
I tested this behaviour with the same AP: first i created a WPA2 secured 
AP and connected to that. Then i changed the AP to be unsecured. After 
a reboot of my computer, knetworkmanager connects without any warning.
So in my test scenario "both" APs are using the same MAC addresse. But 
for a real "attack" this should be no problem.
It seems that it is sufficient to unplug the power cable of my 
neighbours AP in a very short, unobserved moment, while providing 
a "backup" AP with same SSID/MAC at the same time...
I posted the same question at 
https://answers.launchpad.net/ubuntu/+source/knetworkmanager/+question/26067 
and recieved an answer which i understand to be a confirmation of my 
concern. But still my question where to file a bug report is not 
completly answered. What's your opinion?
---snip---

Best regards,
Henning