Not really; in fact, that article was exactly what I was thinking of. Reading it, it'd be easy to get the impression they were talking about production software after the first sentence. Bugs are fixable and I haven't found any serious design or protocol mistakes, nor seen anyone else point any out. Given that, I'd say they're doing pretty damn well.
Without more details it's hard to tell how big of an issue this is. I've been brought in on projects to fix security in the past, and in many cases, after thorough design and code review, we crafted up a modified design and implemented it in a week.
And these were in substantially larger systems.
With that said, I haven't looked at the code, so maybe the issue is more fundamental than that, but I haven't seen evidence of that yet.