The password protected textbox control. Cure to the hack (updated)

In the past days, we have seen an exploit on how to get the text behind the password protected textbox control. This was sure a security breach. Windows XP don't have the same problem with their password protected textbox. They use their control from comctl32.dll and not user32.dll! Our textbox has the same protection. It is subclassed to intercept the WM_GETTEXT and EM_SETPASSWORDCHAR by transforming them into WM_NULL upon receival. Download the source and check it out. Any comments or suggestions are always welcomed :-) Subclassing source was borrowed by Stephen Kent's excellent article on PSC site : http://www.planet-source-code.com/xq/ASP/txtCodeId.30275/lngWId.1/qx/vb/scripts/ShowCode.htm