I made this change as well. I don't necessarily see a problem, even if there is a security vulenrability (which I'm pretty sure is NOT the case), of making this change to your LOCAL development environment. We don't deploy files exploded in any other environment, anyway. I did this so that I can use JRebel to reload changes to class files dynamically.
Thanks for sharing your findings.