that they are not a good app developer.

The programmers are using bad practices that cause security holes. (If not in of themselves, by forcing users to disable UAC, so this is a true statement.) Their testers are obviously testing with UAC off, which is a significant deviation from the expected use case. A good app developer would not do both of these things at the same time.

Maybe that will be enough to get them to fix it. If it's not, that's a third reason they're not a good developer.