You are allowed to judge people for taking far, far too long to do the right thing.
It indicates a pattern of poor judgement, which speaks to trust. You know they are going to let you down each time a new issue comes up.
Faulting people for being cautious around such bad actors (which I'm not saying you're doing, but the response will) speaks to your judgement, not the vendor's.
All software should work like that.