They are if they want to offer a service to end users.
Discussion
Especially one that is a money transmitter.
I'm saying even if they personally coordinated an attack on Nostr users, they still managed to create a decent framework. That's worth mentioning when our options are limited.
Plenty of crapware on Nostr wants to unencrypt my DMs just to visit the main page of their website. I don't see it as any different, but I don't shit on every project that decides to implement an experimental and open protocol "incorrectly".
If it's proven to be a coordinated attack by the developers themselves then I would think less of them. At this time I don't have reason to suspect them considering their reasonable response.
They have just as much obligation to provide a secure service as any user has to choose them for money transmission purposes or custody of Bitcoin. We've mostly all tried multiple wallets and we're all pretty aware of the risk.
Were you affected? I just don't understand the "never come back" part. Why so serious?
Where is the source code to the full stack of nostr:nprofile1qqst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fspz4mhxue69uhhyetvv9ujumrfvecxz7fwd4jsz9thwden5te0wfjkccte9e3k76twdaeju6t0qy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsmryfpz? I'll absolutely run it for me & mine...if it's real.
I can't answer any questions about it but this is their GitHub which seems to include the UI and server.
Have you checked GitHub?