But those vulnerabilities were there, at least on OSX, because they were trying to avoid OSX's security warnings. And this is not the first time they've done something skanky like that.

Once may have been an honest mistake; 2+ times is now a pattern.