Moral dilemma
If someone proposes a feature in their application, and you point out the huge security hole in their proposal, and they then go ahead and implement the feature without fixing the hole, do you have a moral obligation to tell them about it?