How are you the arbiter of what responsibilities the developer of one of the most incredible open source projects should have when you're happy collecting your Microsoft and Google paychecks literally spreading cancer on the internet in the form of AMP pages and straight-up closed-source trash?
I don't know what AMP has to do with anything - you can in fact search my post history to find me complaining about it, I bet - but if you don't like the reality that running code on other people's computers comes with responsibility you should probably move to another planet.
There's a spectrum of risk depending on the kind of software you're writing and the approach you take to writing it.
One end of the spectrum is viruses, software designed to be malicious that the author absolutely should bear responsibility for the consequences of.
Another end is toy software created for fun shared with a few friends that doesn't do anything important. On that end of the spectrum you're all having a good time and as long as you don't do something stupid like delete system files with a buggy I/O routine, there's probably not much to worry about.
But surely you understand how iTerm2 is not toy software, right? It's essential infrastructure, and the security impact of this bug is large specifically because it's important software. Important software needs to be developed with caution because if you screw up people can lose their files or worse. This isn't a moral judgment or something I want to be true, it is true. If people don't like the responsibility that comes with developing essential infrastructure they shouldn't develop essential infrastructure, and as user/developer communities we should support the developers of essential infrastructure instead of pretending that rigor and quality are unimportant.