ITsafe Alert Problem?

A few months back I signed up for the government ITsafe alerts, which are:

designed to provide both home users and small businesses with accurate, plain English advice to help protect computers, mobile phones and other devices from malicious attack

Not a bad idea. An email just letting people know how to deal with the latest viruses etc. sounds logical, to me. The system involves setting up a code word that is included in the email so that you can ensure it’s legitimate. Again, not a bad idea. However, an alert arrived this week that had the ‘code word’ included in the subject line. I’m not an expert, but isn’t there a big security issue with subject lines? I don’t know whether they’re easy to read by any passing packet sniffer, or appear in server logs or something, but I remember there being a big fuss when some large company accidentally included people’s passwords in the subject lines a couple of years back. Can anybody enlighten me?