Only one person discovered a flaw in the security implementation. He didn't say he shared it with anyone at all. It could be months until Gateway finds it themselves, finds an alternative, or the solution leaks to them (as has happened in the past). Making an assumption that because someone cracked it that Gateway will be able to immediately is only founded on your wishful thinking.