Well, calling this an "exploit" is really stretching the truth a bit— all I did was poke around in Chrome's Developer Tools. Basically, to download any track for free, all you have to do is go to http://vimeo.com/musicstore/preview?id=###### and put the music track ID after the equals sign, where the pound signs are. The track ID is the ###### at the end of any http://vimeo.com/musicstore/track/###### link.
I was going to notify Vimeo of this huge security hole, but then, after test-downloading a track (it has since been deleted from my computer), I noticed that the bitrate of the file was 64kbps. 64kbps is good enough quality to give you a sense of the song but too poor quality to use in a video or listen to regularly. This way, they can give you a full preview of the song without worrying about piracy of the full-length song preview.
Clever Vimeo.