I'm not so sure about that. Comparing the vulnerable source code to the original (which you can find here https://github.com/ethereum/dapp-bin/blob/master/wallet/wall...) tells a totally different story. It looks like the vulnerable version tried to condense everything into a single contract (think class), when it had originally been split up into multiple contracts (think classes). The result was that functions that were originally initializers were no longer callable only once. Someone's refactor of the original code seems to be what lead to this issue. The vulnerable functions even started with "init" but were not actually initializers.
Unless the original author also introduced the bug, I don't think it's fair to blame the original contract.
Unless the original author also introduced the bug, I don't think it's fair to blame the original contract.