What a rubbish from the IOTA fanboys. Certainly it is not safe to post any private key online or use it to log into your wallet. That's why no wallet uses a private key to openly login, only the IOTA wallet does that. And as I wrote several times before, they do so without authorization.
Again, AAA: Authentication, Accounting and Authorization, the 3 pillars of information security. IOTA failed to implement authorization. And that's what they are to blame for!
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
If you would say that users have no possibility to generate their private key offline using just their wallet software, I wouldn't say anything against it. So if you want to blame the IOTA team for it, then you could give the argument that they didn't design the wallet software for people who are new to crypto or have no idea how to securely generate a private key.