I don’t think so. Those users had opted in to share information within a certain group. They’ve already accepted the risk of sharing info with someone who might be untrustworthy.

Plenty of other systems do the same thing. I can share the list of games on my Steam account with my friends - the fact that a hacker might break into one of their accounts and access my data doesn’t mean that this sharing of information is broken by design.

If you choose to share your secrets with someone, you accept the risk that they may not protect them as well as you do.

There may be other reasons to criticise 23andMe’s security, but this isn’t a broken design.