JSON response expects arrays that aren't nested inside of an object.

This is a subtle vulnerability that could cause issues and needs to be fixed. Refer to this article to understand how this could be exploited. http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx/
