Yeah, they fucked up their coding and had a vulnerability that let anyone read private messages. And they are new, so their viability is not proven.
But there are some positive things about them:
The admin took responsibility for the vulnerabilities and took the market offline to fix them. Other market admins tend to make light of security problems and lash out at whoever reports them.
The admin is active on this sub. He seems to have some good ideas and is willing to respond to suggestions.
It's so new that it's doubtful LE is spending a lot of resources trying to take it down yet. Also, being new there is not much to be gained from them exit scamming in the near future.
Programmer here.
These guys seem super nice, so I hate saying this kind of thing...but those issues were not "fix it and move forward" types of bugs. And those do exist. Those were "You seriously are in way over your head" kinds of bugs.
Even if they fix those, the fact is there will be real hackers and real law enforcement out there, and the chances of them getting to even a normal level of security(which is not acceptable here) is low if that is their starting point.
Being able to read anyone's message by changing the message ID is fucking amateur hour. Amateur hour here gets people killed and arrested.