not sure if i totally understand the implications, but does the fact that anyone can update the values means that the ownership of the domain is compromised? i would guess it's not, in the sense that once they fix the bug then the real owners of the domains can just update again to the right value (in case someone else updated their value without authorization) and no one else can change it once it's patched.

i think it's not a big deal for the owner of the domain to have to do an update after the patch rather than having to cancel all the domain registrations