Yes that is indeed sad. But maybe it’s a timely reminder.
As an Alby customer who has been exposed to software risk analysis for a long time, I see a transition happening from technically very savvy cypherpunks on the base layer to higher level projects supporting more regular users (like me). Old security assumptions may no longer apply.
So, those project developers should take an equally vigilant, adversarial mindset as the cypherpunks always have.
I suggest that solution developers apply rigorous and transparent risk management best practices: FMEA analysis, security threat analysis and so on, going forward.
The community could probably help with review of that analysis as we have a vested interest that projects like Alby succeed.