Well, they had to figure out what was going on with software from a 3rd party vendor. That likely adds overhead.
But hey, I'd break all kinds of functionality temporarily to make sure this exploit - which as is explained, looked worse than it ended up being, wasn't actually as bad as (or worse than) it did look.
I agree with this, too. Personally, I would probably do the same. A day of breaking small part of site vs killing local file read seems like a good trade.