alt Hacker NewsSuch claims can both be true and pointless. For those of us who have to decide what actions to take, there is a point in differentiating between bugs and vulnerabilities, and breathlessly proclaiming "we found a vulnerability but we don't have an exploitation vector or proof that there's a meaningful security consequence" is annoying and likely to get the proclaimer ignored in the future.
The context in which that statement was made, and in which I’m repeating it, I think, is just to say that any bug has the potential to be used maliciously. Ignore it, fine, but also don’t overreact to the intended message…