automatic connect to _unsecured_ network should not be possible

Im not sure whether to file a bug (or enhancement) for the following issue:
Suppose you are connected to a _secured_ AP with SSID "XYZ". Fine.
Now - for any reason - this AP is not running/visible/..., but another _unsecured_ AP "XYZ" (same SSID!) is available. (Maybe it is neccessary, that it uses the same MAC address. Due to lack of hardware/knowledge i can't verify that).
Knetworkmanager automatically connects to that unsecured network, while the user is still thinking using the normal secured network. A security problem?
I don't know, if it is possible to "overlay/hide" a network (using more power, another channel...)

I tested this behaviour with the same AP: first i created a WPA2 secured AP and connected to that. Then i changed the AP to be unsecured. After a reboot of my computer, knetworkmanager connects without any warning.
So in my test scenario "both" APs are using the same MAC addresse. But for a real "attack" this should be no problem.
It seems that it is sufficient to unplug the power cable of my neighbours AP in a very short, unobserved moment, while providing a "backup" AP with same SSID/MAC at the same time...

I posted the same question at https://answers.launchpad.net/ubuntu/+source/knetworkmanager/+question/26067 and recieved an answer which i understand to be a confirmation of my concern. But still my question where to file a bug report is not completly answered. What's your opinion?