[throwawaysnipe]

The e-mail heavily implies that the security breach was CouchDB's fault instead of those who were administering that Couch server.

Deliberate passing the buck or accidental bad choice of words?

[jashkenas]

I think more of a serious gut check for anyone who's deliberately exposing a CouchDB server to the web because it contains all or mostly public data.

[throwawaysnipe]

My bad, just realized you aren't e-mail writer or npm admin. Thrown off by gist author.

Deliberately exposing anything to the web should come with lots of... wait for it... deliberation. The npm guy is a core community member; this incident shows a lot of sloppiness and doesn't inspire faith.