Just to make it abundantly clear : from now on, all security-related reports should be logged on Hackerone. The other form will be deactivated.