The list of vulnerabilities in 4chan read like a standard web hack CTF. I'm surprised a site as big as 4chan has multiple OWASP top 10 issues, especially after the source was leaked. Storing credentials in client side cookies? Who wrote that shit?
4chan has always operated on a shoestring budget. When you have a single dev, there's nobody around to catch stupid mistakes. I just spent two days trying to track down a bug only to realize I'd been adding elements to an array in a braindead manner. Stupid happens.
