Exactly. The ability to test whether a coordinator is exploiting an active vulnerability is somewhat of a silver lining to the existence of the vulnerability. Another example of this was with the inflation bug in Bitcoin that was fixed in 0.16.3. Since this bug wasn't exploited by miners at the time, it provides some circumstantial proof that entities who are otherwise in a position of no trust and up wielding a position of trust responsibly.

Obviously, we should always strive for bug free code and incentive aligned protocols.