You still sign channel state revisions with the on-chain key. I forget where I saw it but it was a compromised device not a LND specific issue. I.E. could have affected any "Hot wallet" type of program.
Discussion
True, but it is semi automated. Add in automated systems like custodians running accounts on top of the typical pleb node and there are plenty of places for excess payout bugs to sneak in.