Leaving aside the fact Miller deliberately broke his agreement with Apple, and potentially put other AppStore users at risk, you’d like to think that Apple should instead just take the app down, admit the flaw and work with him to help resolve the issue in a future update.
Security researchers seem to like to publicly embarrass companies who don’t admit to or schedule a fix for flaws they have found. And while there is good reason for that happening – keeping the developer on their toes as it were – there are converse reasons why a software company would refuse to admit the flaw and refuse to advise of a fix. Apple, particularly, for real or flawed reasons have been traditionally ostrich like when it comes to admitting they have a ghost in the machine.
Perhaps a bit less of the Head on and little more conversation between both sides of the equation might help resolve this fundamental dichotomy. In other words; get into bed guys, as a user I know I’d appreciate it.