Yeah, people who genuinely believe that don't have any problem with smart contracts getting exploited. Of course there are people who _say_ that because it's financially expedient at the time, then change their tune. But both groups exist and this is not really a gotcha.

The contract code said, "if you have a valid (off-chain) private key, you can mint tokens." The hacker gained access to their AWS account and ultimately their keys.

While I am happy to celebrate dumb crypto stuff, this isn't a situation where someone's code was "exploited." Their code was stupid, relying only on an off-chain private key to allow the minting of tokens. Their security was just also bad.