Then send a PR to them as they openly ask for user feedback instead of just fudding. They address most of these issues in their release that you don't seem to mention. They openly discuss the potential of a theoretical link in Samourai code and changed and updated many aspects to avoid that concern.

I don't understand the anamous against honest devs who are putting their lives on the line for user privacy. We should be offering help not fear.

"vulnerable" and "other issues" are pretty vague.

if the key is hardcoded, its not the same vulnerability, correct?