Whilst this undeniably is a huge security flaw, I do feel like it is advancements like this which will ultimately help introduce Steemit to the masses (and I think we should appreciate Steve's efforts in this regard, too!). It would naturally have been ideal to not have this exploit in the first place, but getting it tested very early on is much better than to have a disaster brewing behind the scenes. It moreover sounds like @roelandp did the right thing and informed affected clients immediately without abusing anything; damage seems very contained.
RE: [whitehat report] Warning Don't Install SteemPay Woo Commerce Plugin for now. It's very alpha.