You asked ... so I looked for it. Best I could find was Hanlon's Razor saying, "Never attribute to malice that which is adequately explained by stupidity." Ignorance and stupidity aren't quite the same thing, but are probably close enough for this purpose.

Most likely you're right. When assigning blame, one should look for intent. What is the intent of these journalists? Most likely, their intent is to hit a deadline to sell advertising. Nothing malicious about that, although they may do so recklessly without regard for how much of the truth they explore in their stories. The idea that they write these stories trying to do damage to the Perl community is plausible, but highly unlikely.

As for the "high public profile" - I imagine there will be very little fallout from this. Even Microsoft gets very little fallout from all their emergency patches they were sending out as the world still is primarily Windows, IE, and Word, and those were much more pervasive, exploited, and visible problems than this one. Six months from now, no more than a couple dozen people will even remember it - probably not even the journalists that wrote about it.

That's not to say that P5P isn't doing a fabulous job in solving the underlying problem for 5.8.8, nor to say that they shouldn't bother. Security threats are serious, and should be taken as such. Just that most people don't seem to treat them that way, and it'll just be a fog in their memory in the not-too-distant future.