
This kind of stuff worries me as well. Security experts generally don't seem to give a fuck about things being unusable due to security systems "Working as Designed". It just doesn't factor into their analysis. As long as systems are not "compromised" in some narrowly defined sense, everything is considered fine.

Generally this attitude doesn't backfire, because individual users losing access to their data, their accounts or their software can be simply dismissed. But in this case it happened to everyone at once, so it's suddenly a big deal.



This isn't my experience at all. Most "security experts" I know are familiar with the so-called "CIA triad" and understand quite well that the "availability" part is just as important as the "confidentiality" and "integrity" (i.e., the "not compromised") parts.

If one doesn't, well, she isn't much of a "security expert" after all, is she? Firewalling off TCP port 80/443 at your perimeter firewalls isn't a very good solution if you're an e-commerce company selling your product on your web site -- and the "security experts" know this.



