The thought crossed my mind as well. Lots of typos, plus "old version compromised, use new version ASAP" could also be said to get people on a newly compromised version, right? Though it's probably just that the post author is stressed and rushed the post out. I do wonder if there's a way to verify the post was written by the real dev and that he still has control. Old known GPG sig?