psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
http://www.securityfocus.com/bid/3931
http://www.iss.net/security_center/static/7985.php