Yep, they are right that it is surprising that this protocol was not given enough attention. On the other hand my employers IT staff has done good job allowing only TLS protected auth to office's Wifi long ago. This shows that if you meet and exceed security baselines even supposedly the most serious security issues usually are mitigated before they are a publicly known problem.
