It appears this is a misunderstanding. You can use your twitter app and read this thread explaining why your build didn't match. Both honest and dishonest people don't want to be called a liar, so @nvk 's response is excusable, even if it raises suspicions.
Yes, I saw that thread. That's not what this post is about. As the title suggests, it's about "their toxic attitude towards users who highlight issues". In this specific case, it ended up being something benign. But if this is how NVK acts with something as benign as this, it's only reasonable to assume that he may react the same or worse on other not-so-benign issues being reported. Hell, how do we know there haven't been other issues reported that were just dismissed by NVK or suppressed by threat of lawsuit?
The point is not that this issue was a real security issue. The point is that his attitude is a risk for the security of his software now and in the future. A good example is how they've now changed the license of their software. Before it was a true open source license that anyone could use and thus had an incentive to scrub and find bugs in. Now, because of their attitude and beef with Foundation, they've changed the license to one that doesn't encourage others to dig deep into their code which, in my opinion, is a security risk.
reply