I've been following Josip's work on and off for years now (he's probably on every big white-hat hall of fame there is), and I'm pretty sure he wouldn't go public even if it took them a month to fix this.
If he said in a public blog post that it took them a month to fix something so simple, I could see the shitstorm aimed at Facebook on social networks (including here), but I highly doubt any user would be compromised.