Just thought I'd post this link:
The find_all_privs.sql script is different to any others I've seen. It is able to cope with system and object privileges assigned via nested roles . Thought someone might find it useful
It never occurred to me that people would write hacker tools with PL/SQL. There are quite a few things that I need to check out when I get home tonight. Otherwise a good site for people to be aware of.