As I’ve stated numerous times in this thread, this was a trivially exploitable 10 hour-old MITM exploit in a cryptocurrency project - I believed then, and I believe now, that warning users about the risk was more crucial than getting the actual issue fixed.
In an ideal world, the presence of such an issue should be enough to call into question the entire risk assessment of the project. We still don’t have a root cause analysis behind why such a version of the wallet with such a critical issue was released (or any idea of the actual vulnerability window i.e. downloads of the vulnerable version v.s. the update). If we want to talk about actual risks to Zcash users then we need to look there.
To use an imperfect analogy: If I found a fire in a building, my first action would be pull the alarm and get everyone out of the building, to safety, not to call the building owner.