It's understandable that they made that mistake, it's not understandable that Lennart kept insisting it's not a bug until it blew up in the news. Remember that he actually got cranky that somebody assigned CVEs to the issue...
I agree with _jal that this kind of arrogant, dismissive behavior and repeat behavior doesn't instill trust and does a huge disservice to the project's reputation.
I do agree that the messaging and tone was painfully bad, yes.
I can sympathize with people who spend all day dealing with unwarranted rants and flames letting some of that leak out into their responses to everything, but yes, that should have been handled better.
I agree with _jal that this kind of arrogant, dismissive behavior and repeat behavior doesn't instill trust and does a huge disservice to the project's reputation.