Nothing in that thread backs up what you are saying. There's some rude commentary by an angry individual but the devs clearly explain the reasoning and make it known to end-users on the actual download page.
Also just update your version if you are really so concerned? This doesn't affect me at all on linux and the current development snapshot for windows is using an updated openssl lib.
It does not affect you, but it affected me.
I wanted to run the newest version of the Mumble server "murmur".
Easiest way to do this is to use the static binary. (At that time there was no warning on the release page yet.)
But of course this ran with an outdated OpenSSL.
I don't want to run a server with unpatched known security holes so I had to scrap that idea.
"Just update your version" is also not possible because the newest static build still contains old OpenSSL.
In the end I had to get the newest murmur package from Debian Unstable. It's fine, it works for me (TM), but then why did the static build exist at all?
They should just remove the outdated static binary build if they aren't going to fix it.
Also just update your version if you are really so concerned? This doesn't affect me at all on linux and the current development snapshot for windows is using an updated openssl lib.