It's also impossible for both jsfiddle or twitter to scan the code of each fiddle and determine if it's legitimate or an attack, so this looks like a good measure from Twitter.
What is surprising is how this was even allowed so far and still is in many social networks, as its such an obvious way to deliver exploits.
There are things they could do though - such as limiting the execution time of a fiddle to a couple of minutes, or limiting the size of the code, or blocking certain calls, and so on. Users are running code that's been saved to the JSFiddle server, so it's not unreasonable to suggest JSFiddle have some responsibility to their visitors. They could make it so the code runs fine if you're the owner or if you've explicitly said it's OK to take up more resources, but defaults to running with these limits if you've just browsed to a Fiddle from a link. They could block common mining scripts (which would only work against 'scriptkiddie' attacks rather than anything sophisticated, but whatever).
There are things the JSFiddle maintainers could do. They don't have to, and in their position I might not do anything either, but the cost of inaction in this case is Twitter blocking links to their site.
You do understand that they banned the malicious accounts and contacted Twitter, right? Them behaving responsibly is what caused this mess, not sure why you're implying they have no responsibility to their visitors...
I do not think so. If I insult another user on Hackernews, how is Ycombinator resposinble for that? I don‘t think platforms should be responsible for what their users do. That is a very slippery slope, leading to the horrendous way YouTube deals with copyright claims, Article 13, and similar censoring tools.
Your example is a difficult one because only the person who the derogatory comment is aimed at can decide whether or not they're insulted. Whether or not something is insulting is up to the person it's aimed at. The same goes for things like negative comments, stupid comments, copyright on a derivate work, etc. Whether those things are actually bad is a matter of opinion, and each party probably takes a different position. Consequently it's different situation, and not really relevant here.
A better analogy would be if I were to invent a piece of plain text malware and posted it in a Hackernews comment. Would YCombinator or HN have any responsibility to remove it, or should they just let it sit there? I contend that when something is actively harmful the publisher has a duty to protect visitors by removing the content or limiting it's impact. (And HN has some awesome moderators who do exactly that in very extreme cases, plus users here can flag things to hide them when there's a consensus, so it's not really like HN is completely free of 'censorship')
Plenty of people take the opposing view that platforms shouldn't get involved. There are two sides to most arguments. I'm slightly on the other side to your position.