Really irresponsible of them to have run vulnerable.
Worth noting that despite their claim that it's a protocol flaw, it's actually not. They are deflecting blame just like Mt. Gox.