
Due to a Docker misconfiguration, the payjo.in directory server had an open Redis database, allowing unauthorized parties to observe exchanges between pairs of senders which only support BIP 78 and receivers which support BIP 77.
Some payjoins which used the backwards compatibility of BIP 77 receivers with BIP 78 senders during this period may thus not have the common input ownership heuristic protection they otherwise would, but the unauthorized access does not change the nature of the risk regarding the user custody of funds.
Can this be explained... in plain language?
Any unencrypted communication between payjoiners that used this directory server may have had their PSBT exposed and cannot be certain those transactions have the privacy protections they thought they had.