Thank goodness. Sanity has prevailed.
You know you've blown it when the following appears in a BuzzFeed article about your software:
> open the application called, “Terminal.” Copy and paste this text: lsof -i :19421. Press enter. You’ll get a string of mumbo jumbo. Underneath the text “PID,” copy the string of numbers underneath. Then type “kill -9” (without the quotes), add a space after -9 and paste the PID string of numbers. Press enter. The server has been killed.
What I'd really like to see now is them addressing the fact that their initial response to this was terrible, as if whoever was making the decision had no idea how bad this design was from a security standpoint.
These factors point to a company that fundamentally doesn't take security very seriously. That's not a fast, easy, or cheap thing to change. I suspect it won't any time soon.