I think the author’s problem is that he finds vulnerabilities thinking outside the box. Traditionaly vulnerabilities exist when you can inject payloads, get access to somewhere you don’t have access to.

His points are valid, and these are vulnerabilities. However they seem like feature requests, rather than being focused on a technical vulnerability (for example use after free).