I struggle to understand why the sudden influx of new users would affect these security problems in any way. OK, more people are affected, but the problems are surely the same regardless of how many users they have.
To me it just comes across as an attempt to deliberately confuse the issue.
If a team of career PR folks meticulously iterating on the precise wording of this message to frame the narrative in their favour doesn't count as "cunning" to you, I don't know what would.
> For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations.
Now, putting this into context as a software development team. Let's say your security/privacy team says "we really need to patch this CVE we found" and your infrastructure team says "we really need to re-architect this one area so we can handle more users". Given that Zoom has likely just doubled its user base (which means more revenue), where do you think management is going to spend its time?
This is coupled with the fact that a company with a ridiculous influx of users is going to be a higher value target. Security/privacy isn't going to move the needle in terms of revenue, but infrastructure is. It's a matter of contention of focus.
All reasonable if the company wasn't 8 years old, had 2500 employees and a turn-over of 600 million. They invested clearly near nothing in security over the last years. The extra scrutiny showed that, but it didn't CAUSE it.
To me it just comes across as an attempt to deliberately confuse the issue.