I didn't make my point very clearly, and I think it can be summed up with an offline analogy: "Toxic nerve gas spill in Disneyland. To learn more, visit the Information kiosk inside Disneyland."
You made your point, but I blame the ambiguity on an overly brief title and no context in the original HN post. If the title said "User information on Drupal.org compromised" that would be more accurate and let you know that you probably don't have to worry about a browser-attack-zero-day. And, of course, if you're the kind of person who worries about a browser-attack-zero-day you're probably also the kind of person who has a Virtual Machine running a guest Tails linux with no plugins and javascript disabled so that you can visit sites like this without worrying.
Going back to your Disneyland scenario, a closer analogy might be "An attacker stole souvenir photos of visitors to Disneyland. To learn more, visit the information kiosk at the front entrance of Disneyland." I say photo because it's something somewhat private (like a hashed password) and I moved the kiosk to the front door of disneyland (i.e. outside of where new photos are taken) because people who want to learn more don't have to set a new password on Drupal.org.
