A small company with a proven track record of ignoring such reports is no better than a large company full of Kafka-esque nightmare-level bureaucracies.
Are you sure about that? I've followed it a bit, and from what I read the security issues were solved pretty fast. Sometimes even before people could report them.
The only thing that was AFAIK grossly mis-handled was the password list leak. He should have set the confirmation/claim process into working *before* someone hacked into accounts and distorted the market.
Anyway whatever the real story is, I don't agree that gives you a reason to nail him to the pillory for every little issue you find after this.
Oh noo! a misspelled word in the interface! ... full disclosure!
Edit: btw why not change the name of this topic now that it turned out not to be a "trade matching bug" at all?