Last I heard the 12 BTC were meant for the hacker, as well as a "security consultant" position. I do agree additional money from donations and whatnot since then should also go to the security bounty, which should be paid at the dev's discretion.
As described in the chat log, steps to implement stricter validation are always appreciated, especially given the use of multisig. Similar validation will also have to be done when OP_RETURN is finally implemented, as that has only been on testnet so far.
Let's hire the hacker as a security consultant. He needs some funds and we need his security expertise.