They demonstrated a PoC that uses an HTTP feature in a way it wasn't intended, to add entropy to fingerprinting techniques. Discussing how this same exploit could be used maliciously by others and how to prevent that isn't criticism of the PoC; it is standard security practice.