It's not unreasonable to expect better transparency, that's something that's improving too slowly. We don't even know if this was exploited yet and it's been a couple months and there's always a lot of opacity around hacking incidents.
Security is hard and accidents are easy, dropbox once had a four hour period where they didn't verify passwords!
That is pretty embarrassing too and even a bigger vulnerability, but Dropbox released a statement about it.
I believe that owning up to your mistake and being transparent about it can only make your customers trust you more. What worries me is that Mercado Pago is huge and they never released a statement about this issue. I hope that they change this policy soon.
Security is hard and accidents are easy, dropbox once had a four hour period where they didn't verify passwords!
http://techcrunch.com/2011/06/20/dropbox-security-bug-made-p...