The smugness of this post reeks. Rather unwarranted considering the number of XSS vulns found. I also question their classification of these; XSS in this system entirely breaks their "encryption as a mass product" philosophy (provided you give them the benefit of the doubt and assume it's for the users and not their protection).
Taking they want to tout this system as security focused I'm quite amazed they seem to not have scrubbed a single output. I highly doubt they fixed it properly either.