The problem is that Synology has historically not been very proactive at informing and educating their users about security threats, including very specific ones like this. A company that specializes in selling advanced network appliances to novice users and non-IT pros has a certain obligation to those users, IMHO.
PayPal has been described as "a fraud detection company that also transfers money." That's how Synology needs to think of themselves.
