I just spotted a report about the timthumb wordpress vulnerability and whist doing a bit of background investigation I spotted that they were considering using a local MAC address as an encryption salt.
That made me wonder if the imminent arrival of IPv6 enabled servers/sites could introduce a vulerability here because IPv6 often uses the MAC address to generate a unique link local (and in some cases global) IPv6 address.
Food for thought…