I was part of the winXP/lavalamp deal too, so I do realize they use external resources. But I also have a sense for business, and it does NOT make sense to contract a company that does not care at all about security and has incompetent programmers (I am sorry, but using frontpage to generate some code for you, and thinking it is all working and secure does not make you a programmer). There is also reference to an email address on a different domain, which I verified, but could not find useful info about the company.
I suggest people that signed up for this contact this company AND microsoft before this gets out of hand.