Well, first of all. if the vulnerability is not with Joomla! itself, then your title is highly misleading and can cause a lot of people unnecessary concern, so I suggest you change that if you don’t want to mislead people.
If you believe you have found a vulnerability, you should always report your findings to the dev team of the involved project. If the problem is the result of the component, or the “bridge”, report your findings to the component or the bridge developer.
Generally, I tend to agree with the position that the Joomla! dev team has recently taken.
You might also consider that if you are, truly, a n00b, then you might want to have your findings vetted by these developers as they are far more likely to be qualified to determine if a vulnerability really exists or if you just have an insecure implementation or installation.
–DreamHost Tech Support