So you're right, Mercado Pago and Stripe are not in direct competition, just in the same business.
For at least 7 hours, anyone could get an access token for any client id, without entering the right client secret. With that access token they could see a lot of information for any account.
See Stripe's Security section: https://stripe.com/help/security
I'm still trying to find Mercado Pago's Security section and security vulnerability protocol (e.g. Who do I contact when I find the next security hole?)
Most of the big IT companies in this side of the world follow the ideology of "we don't care about doing things correctly, we only care about getting the stuff done" and succeed because of the traction they generate due to the lack of serious competition.
Recently Amazon joined the e-commerce arena in Mexico, but my expectations are that Mercado Libre will follow the footsteps of Ask.com, Source Forge, etc. instead of improving, they have been arbitrarily doing UX anti patterns in the last years in order to protect their income at the expense of the users.
The fact that they allowed such a blatant vulnerability to reach production makes me question their test suite and development process. What else is wrong that we are not seeing?
I expect more transparency and professionalism from a company that processes $7.1 billion in transactions.
Security is hard and accidents are easy, dropbox once had a four hour period where they didn't verify passwords!
http://techcrunch.com/2011/06/20/dropbox-security-bug-made-p...
I believe that owning up to your mistake and being transparent about it can only make your customers trust you more. What worries me is that Mercado Pago is huge and they never released a statement about this issue. I hope that they change this policy soon.