Bare PHP (without any framework) and the tons of bad advice surrounding it make it easier to screw up than other languages where it's very hard to do web development without a framework so most beginners start off with a framework directly which provides structure and guard-rails against doing insecure things.

Personally, the ethics of it are secondary to the fact that BambooHR could, sue HN to recover the IP address guessmyname used to post, followed by suing their ISP to get an address, and then trawl through their records/backups to link it to an individual. Now, BambooHR may not be run by assholes (I've never encountered them before), and choose to fix the bug quietly rather than go after "guessmyname" with a lawsuit, but companies are not known for being especially insightful when computer security comes up. (Such as the HipChat example mentioned.)

Hopefully guessmyname always uses VPN/public hotspot to access this site, if it turns out that BambooHR is run by litigious jerks.