uhm, do you have stats on how many times we cried wolf (assuming you mean we said something was a security bug where it wasn't)? we're not 100% correct of course but much closer to it than to 0% so it's a far cry (pun intended) from crying wolf ;).
as for the typical reaction, where's your data from? the data i have say that people who care about security are avid readers of spender's changelog to the point that the just released ubuntu fix for this very problem misattributed the bug to spender instead of Mathias. the people who don't care (mostly because they don't even know they could or should) simply expect their more or less regular system updates to fix problems that they or others have experienced. details don't matter for them, regardless of what we or anyone else have to say about them, that information doesn't even reach them so we can't talk about reaction as there's nothing to react to in the first place.