I'm assuming that a hundred million users aren't made vulnerable by sheer wizardry. In all of the cases that the original article listed, I'd bet my salary that there was oversight in terms of the critical components or the architecture. RCE should not be enough to make that kind of dent, there should be more security there.
