I agree it’s not a back door but if you’ve been put on notice of a serious security flaw then after a certain amount of time I do think your failure to take corrective action is “deliberate”.
How serious is it, really? The vast majority of users will connect to a web server with their IP anyway so I’d assume it’s more a question of weighting it behind other privacy improvements — for example, ad blocking and tracker protection are probably making more of a difference for most people.