I've just looked a bit into this.

I tend to believe that if it really was maliciously placed there, it would have been much more obfuscated - both code-wise and communication-wise. Any clever sysadmin will notice that the miner is having some kind of "call home"-functionality (as a sysadmin I do tend both to block outbound firewall by default and monitor attempts on getting through the outbound firewall). Hide the shutdown-message in the blockchain, and it would have been a lot harder to find.

Not saying that it isn't bad - it is bad, but it's quite clearly done out of stupidity, not maliciousity.

Comparing a DoS-vector with information-leaking bugs are also not much honest. Yes, it is bad, but it is not that bad.

The real WTF is that one single hardware vendor now has more than 50% of the bitcoin mining power. It is really time to realize that Proof-of-Work is probably not such a good idea after all.