How to send suspected security issues?

I think I may have run across a (minor) security issue that I would like to mention but I would prefer to do it in a non-public medium.

Do you have a preferred way to do this, maybe a security email address?

bye, Alexander

hello (at) piwik (dot) org

I have send my report to the address.