SUPEE-7405: Can't delete items from cart, due to _FORM_KEY_PLACEHOLDER not being replaced

[xyzianz]

Hello, I have an issue with Made_Cache (rev 9faa597, cloned on 2015-03-17) following SUPEE-7405, specifically APPSEC-1212 (CSRF Delete Items from Cart).

From what I can tell, commit d3371f8 added support for Magentos CSRF-prevention. In SUPEE-7405, magento started to verify form_key on the /checkout/cart/delete/-requests (Mage/Checkout/controllers/CartController.php::deleteAction), which now fails as the request now points to /checkout/cart/delete/id/<id>/form_key/_FORM_KEY_PLACEHOLDER/uenc/<uenc>/form_key/_FORM_KEY_PLACEHOLDER.

I guess (or speculate freely) this could be because /checkout/ is not added to the Made_Cache whitelist so the _FORM_KEY_PLACEHOLDER is not replaced when needed.