I agree. But i'm not sure this sentiment applies here, twitter probably has an amazing security team and its clear that they were using good practices. they found a bug and disclosed the issue to their users.