Having saved GoDaddy from potential chaos 11 years ago, I continue the same practice to this day.
Perhaps it’s due to my background as a systems analyst that kicks in; I want to see what results are produced by different types of input. Sometimes, it’s intentional; other times, it’s coincidental.
The idea is not to humiliate publicly the companies whose services are found to have bugs or glitches. What I do, is to let them know of my findings, and wait patiently for them to fix it. In the case of GoDaddy, I didn’t publicize the incident until 9 years later.
So the right time to announce a bug, glitch or security issue to the public, is ideally, never. At the very least, such announcements should not happen before the fixes have been implemented and tested, and a healthy period of post-testing functionality has passed.
To the domain company that triggered this post: your secret is safe with me. 😀
Many times I have tipped off godaddy first point of response customer support, to bugs in tdnam, and such, and they always make it like your the crazy one, like they know it all, listen to your customers, especially the ones that have 2k domains in their account.