What does that have to do with this vulnerability? The problem was a missing bounds check in the implementation. It's not as though they suspect heartbeats are inherently insecure, right?