I do not consider it to be a critical problem, as just about every web application out there can be exploited in this manner.
I won't argue that many web applications have this vulnerability, but I would like to point out the severity to other vB administrators. If an admin of your forum is tricked into visiting a web site containing one of these self-submitting forms, an attacker can gain administrative privileges on your forum, and perform other administrative tasks in the context of the admin who visited the malicious web site.
While this exploit requires some interaction from a site admin, it is not very difficult to trick someone into visiting a site.