That's not why MtGox got criticism. MtGox released specific statements that not just turned out to be premature and wrong, but that they had to have known were false at the time; for example, there's no way they could honestly have claimed both that it was just a single account that was compromised and that they had enough Bitcoin funds to cover their deposits because even from the outside it was easy to see they didn't have enough Bitcoins to cover the amount in that single account, let alone everyone else's deposits.
well, it seems that only 1 account got boosted with 500.000 btclike trade units and being ordered to sell at mtgox (so the 1 compromised account claim coud be truth) & they did not have to have bitcoins matching the number of trade units added to that account, just enough to cover lost bitcoins due to withdrawal. this number we do not know, but seems mtgox refunded everyone. imo also the second claim could be truth. added trade units in a DB of the trading system =/= actual bitcoins. until withdrawals happened everything was an mtgox internal db records of trades.
that's why it is important to know if the MBC attacker managed to get coins out of the service, because that's the damage done. simply service being not available is just inconvenience, as long all bitcoin accounts hold their balance.
pitty he did not warn exchanges on time.
