They could not have been ignorant of storing non-anonymous, plain-text messages. Even if we don't count that as insecure, they can only appeal to ignorance/negligence up until the point the security researchers informed them of their vulnerabilities.
After that, that they continued their "100% secure" marketing on one side, while threatening researchers into silence on the other, is plainly malicious.
