Ok - so if it's not signed how come just dropping it into the root directory and clicking update is accepted? Did they just not put any security checks on the update functionality? Or is it that an update run from this directory is only applied to a filesystem and the tar symlink breaks out to root?
Is it really just a case of marking the files as executable sees them run with access all areas?
Hope you don't mind me asking I'm just curious about this because, well - it's interesting :-)