The flaw he appears to be talking about is that the OpenPGP MDC doesn't cover metadata; the message must be parsed to recover the authenticator before the authenticator can be checked, and so the ciphertext is malleable.

The properties he's talking about for CFB are largely true of CTR as well (the gold standard in streaming modes). I think, by suggesting PGP use a "different mode", he may instead mean it would be better if PGP used an authenticated encryption mode.

Authentication is a weak spot for PGP, since its design predates much of authenticated cryptography.
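
The malleability and the authenticated-encryption remedy discussed in the comment above, as an added example that is not part of the original comment. It assumes a SHA-256-based keystream as a stand-in for a streaming mode (it is not OpenPGP's CFB or its MDC) and HMAC-SHA-256 in an encrypt-then-MAC layout; all function names and the sample message are constructed for illustration.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Stand-in stream cipher (assumption): SHA-256 over key|nonce|counter.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, nonce, data):
    # Encrypt and decrypt are the same XOR with the keystream, as in CTR.
    return xor(data, keystream(key, nonce, len(data)))

def flip(ct, offset, old, new):
    # Tamper without the key: XOR (old ^ new) into the ciphertext.
    delta, end = xor(old, new), offset + len(old)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def seal(enc_key, mac_key, pt):
    # Encrypt-then-MAC: the tag covers the nonce and the entire ciphertext.
    nonce = os.urandom(16)
    ct = crypt(enc_key, nonce, pt)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, blob):
    # Check the tag over the raw bytes before decrypting or parsing anything.
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return crypt(enc_key, nonce, ct)

def demo(pt=b"pay 0100 to alice"):  # constructed sample message
    ek, mk, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    # Unauthenticated: the modified ciphertext decrypts without complaint.
    bare = crypt(ek, nonce, flip(crypt(ek, nonce, pt), 4, b"0100", b"9999"))
    # Authenticated: the same modification is rejected by the tag check.
    blob = seal(ek, mk, pt)
    forged = blob[:16] + flip(blob[16:-32], 4, b"0100", b"9999") + blob[-32:]
    try:
        open_sealed(ek, mk, forged)
        rejected = False
    except ValueError:
        rejected = True
    return bare, rejected
```

The receiver in `open_sealed` never touches the ciphertext contents until the tag over the complete byte string has verified, which is the ordering the comment says the MDC cannot provide.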