I’m not quite sure what you’re getting at. It’s not a sin to comment on a security issue while the issue still exists. Furthermore, correcting a security issue doesn’t render somebody immune to all complaints on future security issues.