At the time they requested the removal of the tool, they hadn't yet fixed the problem server side. I don't think it's egregious to request that the tool be taken down while they worked on fixing the problem. Much like how security exploits aren't just immediately published without notifying the company so they have a chance to fix it.