Even though he was joking I'm pretty sure he will. Which is a good thing really, much better he find a exploit than someone else. My joke twitter account could have easily been a professional one and GraemeA could haev easily been someone with bad intentions. It'd be great if there was a tool to scan github repos for things that look like keys and find unsanitized database inputs, bobby-tables.exe I'd call it.
That's why you have 3rd party security consultants
It's a shame the more vunerable startups can't afford these people, my older brother joked that he'd make a 'hack' for the game I'm making as soon it's released.I'm just going to laugh when someone injects code or is able to drop a table in the "next big app".
My older brother shows me these failures all the time. They're bloody hillarious, there was this one time a Garry's Mod(Pretty popular multiplayer game if you've not heard of it) server had a user function which basically just sent commands to the server. Turns out they were ran with console privileges and he used it to clear all server ranks, admin himself and do a lot of trolling.