
Exactly what I thought upon reading "The current version of timthumb has this issue. Since it’s already in the wild and I just got hacked by it, I figure it’s ok to release the vulnerability to the general public."



There's no other way to inform most people about the problem. There are several thousand free WordPress themes in the wild, and obtaining them does not involve getting on the developers' mailing lists or otherwise being contactable. Even if it was possible to notify every theme developer that may be including timthumb in their theme, those developers would have no way to notify the end users.



