Thank you to dorkerdevil for reporting this vulnerability! Given that this was a severe bug, I have given 10 stars as a reward in accordance with the game's responsible disclosure policy. Happy hunting to anyone this motivates. :)
For those curious, this was a reflected XSS attack. This article is a good summary of how these types of attack work, but the quick summary is that a malicious attacker could have sent you a link that, if you clicked it, would have given them access to your in-game account. Vigilant users can avoid these kinds of attacks - if someone you don't know sends you a fishy-looking link, you probably shouldn't click it. But even better is to reduce the number of vulnerabilities that can be exploited in this way by attackers, which I've now done thanks to dorkerdevil's report.