Not to put too fine a point on it, but they are very responsible, and the mail vulnerability was a direct result of an action that one or more of the team members took.
Further discussion has already been had in numerous other threads, search for them.