The 4.1 will ship with AES. About your concerns, I don’t think you should worry too much. As the article correctly mentions “the current attack is just on the edge of feasibility”. Amazon and Ebay, as of today, are still using it. You must also consider that the attack is based on millions of connection iterations from the same host. A similar scenario is theoretically possible in the case of a browser connecting to a Web server, but unlikely to happen in the case of a client connecting to a NoMachine host.