• BrendanO

Anyone had any experience with trying to validate the security of the Salesforce SAML?  

 

http://www.youtube.com/watch?v=7FP3GXWwnhw

 

Minute 17.50 asserts that Salesforce has a security vulnerability to XML signature wrapping attacks if SAML is used for signing in. I've tried to ask Salesforce about the potential concerns, but I haven't heard anything back in a couple of days.

 

We are keen to deploy SAML-based authentication in our org to address other IT concerns.

Has anyone out there used SAML and taken a deep dive to ensure that the SFDC implementation of SAML has been secured since this conference on YouTube?