I like to think that the Cryptocat team and myself have matured beyond the point where we consider security disclosures to be punishment, but rather something to be expected when handling a project that wields experimental technology. We're trying to be adults by adopting principles of full disclosure, mitigation, transparency, public involvement, and making sure our process is tweaked to prevent the repetition of past mistakes.