Who has port 631 exposed to the public internet?

The lan attack where someone "may be able to spoof" is of course more of an issue, but "may be able to spoof" is not the same as "Can totally spoof with ease".

It is odd that the Cups people didn't want to address these matters, though.