Ah, the righteousness of youth! How I miss those heady days!!
But here's the thing: one *can* raise security concerns with a site's admins, if one finds serious vulnerabilities. No real need to hose anyone's system; and nothing gained from that, apart from those death threats mentioned. Even if the damage is minor and would take someone who knows what they're doing only minutes to fix: the vast majority of users will not be able to handle anything close to fixing an MBR, for example.
What if the admins will not take a friendly warning seriously, you ask? Well, then it's probably a hopeless situation and nothing will prevent a catastrophic breach of the site concerned, sooner or later. After all, raising awareness of a specific issue or three, no matter how dramatically done, is unlikely to change the underlying culture.