Creating transactions out of immature coins is a separate problem from transaction malleability. Gox is guilty of handling both situations poorly.
The fact that they haven't fixed creating transactions out of immature coins doesn't necessarily mean they also haven't fixed internal accounting problems stemming from transaction malleability.
I certainly don't expect them to go above and beyond and fix multiple problems at once!
My understanding is that because of the immature coins problem, mr. K. had setup automatic reissue. Basically when a Gox-initiated transaction would not appear in the blockchain for a certain time, some cron-job-or-whatever would credit the user back with the coins. I speculate that the job was, of course, looking for transactions by txid.
Now think of these two scenarios:
1. transaction fails because of incorrect padding; Gox credits the amount back to user; user fixes the transaction manually and rebroadcasts it; transaction succeeds
2. transaction fails because of immature coins; Gox credits the amount back to user; user rebroadcasts the transaction; transaction succeeds
Both scenarios have, by default, nothing to do with malleability. But still they will cause Gox' accounting to go bananas and some very happy users, who could then go malicious and try to find a way to iterate the process and empty Gox' wallets.
Malleability also makes it worse because even when automatic reissue is turned off, once the malicious user has learned that Gox support people are trained only to look for transactions by txid, he can rebroadcast the transaction with a different txid and still complain to Gox support that he did not receive his coins.