If you had read the actual article, you'd know that the headline is fitting. He got warned, that it is an unflattering article, he got the hint with the insecure web server, he had the chance to explain himself and set things right.

It appear this app was vibe coded, has no security, now serves a lot of people, and the author is somehow thinking how to make money out of it, hence the reluctance to make the code open source

I've read the article. The point I'm getting at is that a vuln report will be taken more seriously if you present yourself in a pleasant manner.

It's pretty clear that the app has its issues (especially wrt to false reports), that I'm not disputing.