andyll - 7:03 am on Sep 24, 2010 (gmt 0)
Don't return a 200 for a status. Return a 500, with a customized error page. RTFA.
Scott Guthrie's workaround... which is in the advisory... returns a 200.
<customerrors/> by default returns a 200. ( or 302 200 if redirect is used)
As long as all error conditions return the same code it's fine.
Since this is a short term workaround ( I hope ) I personally decided not to send an error condition ever.