You could have done this without abusing the website. Anyway, let's break it down for you. You're making the situation seem more dangerous than it really is. This post is completely over-sensationalized. The only financial information stored on the server is the account and routing numbers. Even if the server were compromised, BTC could NOT be withdrawn from the escrow accounts. All escrow accounts are stored in cold wallets; the private key is not on the server.
You were right on your first example, all error reporting should be disabled. That has been modified accordingly. Still, nothing sensitive is displayed below.
Before thinking it's a good idea to build your own platform, I suggest learning web security basics. And turning off debug logging on prod.
This error has been fixed. Unless you get extremely intricate, you cannot place a buy on an order if the buy amount is less than the minimum sell amount. Once again, nothing sensitive or dangerous happening below. Just someone abusing the script making a small mess to clean up in the database.
Only you (the person placing the fake sell order) would ever receive that email. That is not a security vulnerability.
Even if you got full access to the server, you would not be able to make ANY financial gain from it. BTC cannot be withdrawn.
You have also been banned from accessing the website due to a blatant disregard of the terms of service.
And I did like the "security consult" you sort of ran on us for free. Check your PM inbox, would be interested in your services perhaps.