No, it is not good. This issue should have been reported responsibly through the FreePBX security-tracker repository on GitHub.
Also, the excerpts from a separate unrelated issue that raise some points related to severity scoring were coincidentally discussed at length in yesterday’s blog post.