
Why would they be even more mad about the ads? Injecting ads is sleazy and deceptive, enabling MITM attacks is actually dangerous. You're right though, the ad injection by itself is still pretty sleazy even if it were perfectly safe. I think it just got overshadowed by the security concerns.

Heck, it's insane to me that most PC manufacturers slap a bunch of big ugly stickers on most of their laptops so they can make some absurdly small amount of extra revenue on a product that costs hundreds if not thousands of dollars. Willfully endangering users for a similarly marginal profit boost is so much worse. I have no idea why anyone would buy stuff from such a company.



Probably because the MITM vulnerability is horrible sloppiness, but the ad serving is done with the malicious intent of continuing to extract revenue from users that just ponied up a couple thousand dollars for the laptop to begin with.

I've read people saying there's no way developers didn't know what they were doing WRT the MITM vulnerability. To them I say "you've never worked for a giant corporation." Security holes are second in volume only to spent Keurig pods.

However, the choice to turn someone's entire computer into an adware mechanism was explicit and just really sleazy.


I believe the possibility of a developer capable of understanding and creating this local MITM not being aware of the wider security implications is near zero. That would be like a scientist understanding nuclear fission and bomb making not knowing that detonating it in the middle of a city would cause a lot of deaths...


The MITM framework was created by a separate company from the company that developed the specific piece of software. Just like you don't actually have to have a clue how a web server works to write a Rails app, the Superfish developers bought an off-the-shelf MITM framework and used it, which doesn't require much thought.



