Bro you are wasting your time discussing blockchain dot com vulnerabilities because you already know the inconvenient if using custudial wallets even those with great features like offering access to privates key sor being able to encypt it in a seed phrase. If you already have funds, hurry up open your wallet using the private keys you possess and move the funds to a safer destination (non custudail wallet), and if you haven't funds there, just desactivate your account and never use those addresses you have their private keys forever. You will benefit nothing chasing system flaws.
I actually agree with most of what you said — custodial wallets always carry risks, and the best step is indeed to move funds into a wallet where you hold the keys.
My opinion: I still think it is important to point out flaws in their system, because those flaws can impact other users who might not realize the risks. For example,
they don’t even offer backup codes if someone loses their 2FA. The only fallback is going through “customer service,” which in theory could disable 2FA without much friction, even if the person isn’t the real account owner. That’s a potential weakness worth discussing.
So yes, moving funds is priority number one — but in my view, identifying and documenting vulnerabilities helps the community as a whole.