I agree with your sentiments. What Homokov did was childish, but he made his point in a non-malicious way that got the message out better than silently writing a letter to the admins. It is evident from the events that occurred that this is an issue in Rails that needs to be fixed. What does it say about a feature of your framework when, by default, one of the largest code repository hosting sites in the world is vulnerable? The phrase "meaningful defaults" has never been more relevant.