It would have been hard to prepare for this type of vulnerability.
I think this has become the default response for "security experts", as if there were no way anyone could be prepared for any kind of security incident. The desperate attempt to absolve everyone of responsibility is doing the world a massive disservice.
I wouldn't want to advocate blaming developers for making mistakes, they're only human after all, but as an industry there is a real need to stop excusing such simple problems and get all developers to understand their part in responsible treatment of security issues.
