If there is a flaw in POS of this and other coins, the truly responsible thing to do would be to notify the devs of the other affected coins directly before releasing anything to the public. Simply releasing details of a flaw to the public after fixing it for only your own product is exactly what Cloudflare did with the Heartbleed OpenSSL bug.

I know there are a LOT of POS coins out there (both proof-of-stake and piece-of-shit), and contacting each and every dev individually would be nearly impossible, not to mention extremely time-consuming. I unfortunately don't have a constructive suggestion for what to do here, but this is factor that should be considered.