It's astonishing nobody found this till 2016, given that people were stealing WoW gold with keyloggers installed through 0-day Flash vulns a few years before that.
I think it would be a little harder to make monetary gains off of this. You still needed to be in physical proximity to trade. I'm not sure if you had the ability to script over the mailbox and change recipients; that could have worked perhaps.
You'd get much more bang for the buck getting access to the whole account.
I'm not sure. I do know that you could, for instance, have your gold sent to a scammer with little to no recourse. It may be possible that this bug still exists because it's one of those "bugs that is also a feature".
Blizzard's response was to modify /run to pop up a dialog first warning you that /run is used by scammers and requires you to confirm that you know what you're doing.