Semantics, and really two separate points. First, MS refuses to fix security flaws; we all know this. How many times have others had to release information to force their hand? They absolutely choose to put our data at risk (to make it "easier" for end users) rather than make things more secure.
As to whether the "hide the extension" issue is a security flaw or not, according to at least one definition, a vulnerability (or flaw) is "a weakness which allows an attacker to reduce a system's information assurance". I think this fits that definition. Even Microsoft's own definition makes this a security flaw, although they hide behind "does the system work as intended", which is of course their biggest issue. They design and build flaws into the OS, choosing profit over security in every case. IMO the only time MS is interested in fixing security is when they can show an ROI, not to say that is different than other companies, but certainly more prominent with them.
Granted, these are my opinions, but anyone who keeps up on the industry sees examples of this every day.