The idea that the session ViewState is a static encryption shared across all installs (unless I misread that)... speaks poorly of the software product in general.