How about instead of pushing the responsibility on someone else, you take responsibility for YOUR security-sensitive context and do the research before you start installing libraries?
> Dog piles on Internet forums because the dev isn’t doing what you want isn’t fine.
Therein lies the problem. You cannot reasonably expect to link a blog post that says what that one did on Reddit and not have people dog pile. They will, every single time.
This article is someone who did that research on multiple Rust HTTP clients and reported what they found:
https://medium.com/@shnatsel/smoke-testing-rust-http-clients...
Which I believe is what kicked off the events leading to Klabnik's blog post?