This is pretty a lengthy read and if I follow it correctly, then the actual problem has not been fixed? So Wordpress is still not able to differ between injected serialized data (which is dangerous as the PHP manual states as well) and that data it serialized on it's own, right?