Major vulnerability and took over a month to fix it. Fail.
But it was fixed, so how was that a fail exactly?
It is a fail because it shows that next time there is a major vulnerability to the client, potentially one where you can loose your coins, they will be slow to fix it. Other coins were fixed for this almost immediately and many other copy paste clones quickly followed as well. I'm not the only one to think this, here is a whole thread dedicated to this exact issue:
https://bitcointalk.org/index.php?topic=563790.0While the Heartbleed bug was severe, I think you are slightly overstating its threat on Carboncoin. You could only lose coins if you were using the SSL capabilities of the client.
Were you using the SSL capabilities of Carboncoin, or of any coin for that matter?
Personally I have never used the SSL capabilities of any coin client ever for pools, services or my own wallets.
Give AM a break. The issue has now been fixed and I am sure future security updates will be dealt with in a timely manner.