That should have been the takeaway of the story, it's certainly the most alarming part. I'd certainly assume there'd be a thorough vetting process.

Wow... That is definitely alarming and should be reported...

Edit:

I reported it on the same thread since it's still active.

Edit: Someone else reported it, it seems.

This is the cost of the "hats off" quick response time to complaints.

The article itself mentions that a patch was pushed within hours of contacting the author. Not much vetting can be done in such short time.

something something "move fast and break things(TM)" something something