Why do we shoot the messenger still?
Roberts is just one example of someone who finds a flaw and gets a butt-ache from either the company or the government or both when reporting it. They should at least get a "thank you" and then the flaw should be fixed.
A miscreant will just steal (i.e." copy/download") what ever data they want and do with it what they want and/or upload ransomware which hits the bottom line and gives the IT staff a headache.
This whole scenario lately makes me wonder what are our corporate and government masters thinking....