Triggers NOT running as table owner
| From | Sandro Santilli |
|---|---|
| Subject | Triggers NOT running as table owner |
| Date | |
| Msg-id | 20130627115816.GC22393@gnash |
| Responses | Re: Triggers NOT running as table owner |
| List | pgsql-general |
According to release notes of 8.3.18 (yeah, old docs) a trigger runs with the table owner permission. This is the only document I found about this matter:

http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

> Require execute permission on the trigger function for CREATE TRIGGER (Robert Haas)
>
> This missing check could allow another user to execute a trigger function with forged input data, by installing it on a table he owns. This is only of significance for trigger functions marked SECURITY DEFINER, since otherwise trigger functions run as the table owner anyway. (CVE-2012-0866)

But, while I'd need this to be true, I can't confirm this is the case. Did I misinterpret the note above?

--strk;

http://strk.keybit.net
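One way to check which role a trigger function actually executes as, added here as an example and not part of the original message: the script fires two triggers on a table owned by one role while inserting as another, and records `current_user` for a default function and for a `SECURITY DEFINER` one. The role, table and function names are constructed for this example, and it assumes a superuser session in a scratch database with PL/pgSQL available.

```sql
-- Added example; all role, table and function names are constructed.
-- Run as a superuser in a scratch database. Everything is rolled back.
BEGIN;

CREATE ROLE tbl_owner NOLOGIN;
CREATE ROLE tbl_writer NOLOGIN;

CREATE TABLE t (id int);
CREATE TABLE who_ran (variant text, cur_user name, sess_user name);
ALTER TABLE t OWNER TO tbl_owner;
ALTER TABLE who_ran OWNER TO tbl_owner;

-- The writer may insert into both tables, so the audit insert succeeds
-- whichever role the trigger function ends up running as.
GRANT INSERT ON t, who_ran TO tbl_writer;

-- Default function: no SECURITY DEFINER attribute.
CREATE FUNCTION log_invoker() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO who_ran VALUES ('default', current_user, session_user);
  RETURN NEW;
END;
$$;

-- Same body, marked SECURITY DEFINER and owned by the table owner.
CREATE FUNCTION log_definer() RETURNS trigger LANGUAGE plpgsql
SECURITY DEFINER AS $$
BEGIN
  INSERT INTO who_ran VALUES ('security definer', current_user, session_user);
  RETURN NEW;
END;
$$;
ALTER FUNCTION log_definer() OWNER TO tbl_owner;

CREATE TRIGGER trg_invoker BEFORE INSERT ON t
  FOR EACH ROW EXECUTE PROCEDURE log_invoker();
CREATE TRIGGER trg_definer BEFORE INSERT ON t
  FOR EACH ROW EXECUTE PROCEDURE log_definer();

-- Fire both triggers as a role that is not the table owner.
SET ROLE tbl_writer;
INSERT INTO t VALUES (1);
RESET ROLE;

-- cur_user is the role each trigger function executed as.
SELECT variant, cur_user, sess_user FROM who_ran ORDER BY variant;

ROLLBACK;
```

If the logic in a trigger depends on the table owner's privileges, the `cur_user` column for the default function is the value to compare against `tbl_owner`.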