I've mentioned before about the go/wish form at Adobe for reporting bugs and making enhancements requests: http://www.adobe.com/go/wish

Adobe is pretty strict about this. You can blog all day about your never-ending desire for the cfcowbell tag, but unless you make a 'formal' request, you are less likely to get the cowbell you think ColdFusion so desperately needs.

What I didn't know until today (thank you Jeremy Prevost!) is that the go/wish page also makes mention of how to report security problems.

You can report a security problem with any Adobe product here: http://www.adobe.com/support/security/alertus.html