Every place I have dealt with where internal worry comes up... you would not have seen the servers locked down and 'closed' off. They would have taken a couple of the 'bad' ones down "for maintenance", rebuilt them and gone on their way without any notification. Then when the information got out somehow, it would have been first denied and then sullenly admitted.
[You seem to have a tendency to make everything into the worst case for Red Hat. Why is that?]