Thanks for that link.
Looking around, I suspect that all coin websites/services that give you a Transaction ID before it has been confirmed by the network are likely to have the same issue MtGox had, i.e. they create their transaction, submit it, and expect it to be confirmed or not.
While there are solutions/workarounds, they're not so trivial (must scan all other transactions to find one that looks like yours), so I guess many services will not be fixed.
Having a safe, signed, non-replaceable transaction ID would just be simpler and safer for everyone, especially given that the issue is going to stay hidden up to the point someone wants to scam a service (the vulnerability is really about the service, not the blockchain).
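
The workaround mentioned in the comment above (finding the confirmed transaction that "looks like yours" instead of trusting the ID handed out at submission), as an added Python example that is not part of the original post. It assumes transactions are available as simplified dicts with `txid`, `vin` and `vout` fields; the function names and all sample values are constructed for illustration.

```python
import hashlib
import json

def fingerprint(tx):
    """Identify a transaction by the outpoints it spends and the outputs it
    creates, ignoring scriptSig (the field whose encoding can be altered)."""
    core = {
        "in": [[i["txid"], i["vout"]] for i in tx["vin"]],
        "out": [[o["value"], o["scriptPubKey"]] for o in tx["vout"]],
    }
    return hashlib.sha256(json.dumps(core, sort_keys=True).encode()).hexdigest()

def reconcile(pending, confirmed):
    """pending: {withdrawal_id: tx as submitted}; confirmed: txs seen in blocks.
    Returns {withdrawal_id: (status, confirmed_txid or None)}."""
    seen = {fingerprint(tx): tx["txid"] for tx in confirmed}
    result = {}
    for wid, tx in pending.items():
        txid = seen.get(fingerprint(tx))
        if txid is None:
            result[wid] = ("unconfirmed", None)
        elif txid == tx["txid"]:
            result[wid] = ("confirmed", txid)
        else:
            # Same payment, different ID: do not treat as failed or re-send.
            result[wid] = ("confirmed_under_other_txid", txid)
    return result

# Constructed sample data (placeholder hex, not real transactions).
def make_tx(txid, prev, script_sig, value, dest):
    return {"txid": txid,
            "vin": [{"txid": prev, "vout": 0, "scriptSig": script_sig}],
            "vout": [{"value": value, "scriptPubKey": dest}]}

PENDING = {
    "w1": make_tx("11" * 32, "a1" * 32, "3044aa", 50_000, "76a914aa88ac"),
    "w2": make_tx("22" * 32, "a2" * 32, "3044bb", 70_000, "76a914bb88ac"),
    "w3": make_tx("33" * 32, "a3" * 32, "3044cc", 90_000, "76a914cc88ac"),
}
CONFIRMED = [
    make_tx("11" * 32, "a1" * 32, "3044aa", 50_000, "76a914aa88ac"),
    # w2 with re-encoded scriptSig bytes, so it confirmed under a new txid.
    make_tx("9f" * 32, "a2" * 32, "4c473044bb", 70_000, "76a914bb88ac"),
]

if __name__ == "__main__":
    for wid, status in reconcile(PENDING, CONFIRMED).items():
        print(wid, status)
```

A service reconciling this way marks `w2` as paid under its new ID, and would only consider re-issuing `w3` after confirming its inputs are still unspent.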