It's not critical, because blogspot.com is only for user data. Sensitive cookies are stored at blogger.com
I see, but WTF if attacker wants to drive the visitors to the malicious websites? You will see what will happen after that.
agree with totallyunknown, it's not a bug - it's feature :)