by theOnliest 3121 days ago
But this doesn't really need to be responsibly disclosed: it's not something someone can use to get into your machine, but rather a way you could accidentally broadcast your credentials somewhere unexpected.

Announcing on Twitter seems more like "hey be careful, make sure your password field is focused."

1 comments

Yes, you cannot get into someone else's Mac. However, what if the last opened application was Terminal? I can think of several scenarios where you can do "damage" without logging in—if this bug is real—depending on the last opened application.

So you're going to start typing terminal commands into people's locked MacBooks on the off chance that they've hit this bug and are running a terminal?

It's a flaw that needs to be fixed, for sure, but let's not over-exaggerate the severity as an attack surface. It's much, much more likely that it will cause accidental problems when the owner types something (like in the tweet).

> if this bug is real

Why wouldn't it be? Plenty of people here and on Twitter are reporting having hit similar issues (with OS X and even Linux, so it doesn't seem completely uncommon).