Yup. Give those people 2 days to learn a new instruction set for an architecture that's only ever synthesized onto an FPGA, then reverse firmware compiled to that architecture back to an exploitable overflow. They'll do it. And they won't even use Mongodb to do it.
You're simply measuring passion in a different way. The (very, very small number of) people who can do this are very passionate about the work, as we both know, and this shines through in the work they do in and out of the day job.
But let's say you saw someone that was coming from a security consultancy that started doing interesting, challenging work and then turned into a shop doing nothing but the same web pentests day in and day out. Don't you think you'd seriously question whether they're capable of doing the challenging work, or still hungry for that kind of work? I know I'd think twice about it. I think that's why people are so against the people left at Yahoo; it's a company that's been on a downward trajectory for a long while, and is actively doing Bad Things (TM). It's not unreasonable to expect that someone that's ok with that (or blind to it) isn't going to be a fantastic hire, but that doesn't mean there aren't certainly exceptions.
Some people have had their choices severely constrained by circumstances. A categorical 'I won't hire from company 'x'' without any willingness to look at circumstances is silly.
Another thing the guy overlooks: these people could simply be extremely loyal and may hope that given Y!'s scale that there is a chance that the right management team could make things work. Other companies have been in bad shape and have survived eventually.
Loyalty is an excellent quality and penalizing it is stupid. You really shouldn't hire based on where people used to work, you should hire based on your needs, team fit and skills.
