The issue Notepad++ is having, is the same as a lot of open source projects: They don't have a ton of money, don't have a business entity, and are struggling to get/keep a software-signing key in those circumstances.

So the people taking pot shots at the developers, I guess, maybe be more specific with what they did wrong and what they should have done instead. Because if you actually understand the history/circumstances (and the fact it was a third-party hosting provider compromised), one would expect more blame on the systemic under-funding of OSS than "developers bad."

Are people wanting them to create a business, monetize Notepad++, so that they no longer have issues with hosting/certificates? I'm guessing not.