[unreal37]

Hmm, disabling with a notice is not a bad middle-ground actually. For the worst offenders.

[james-skemp]

It's a horrible middle-ground. Google definitely dropped the ball with alerting users of a possible breach. If there's strong evidence a plugin was capturing and using credentials I need to know to change credentials.