1. Good on the researchers for finding a potential exploit. Finding the problem is the the first step to fixing the problem.
2. They set up their own testnet basically, and looked at very simple edge cases with the minimum amount of mixing. They state right in the paper that the exploit doesn't work on regular/normal PrivateSend transactions.
Conclusion: In the lab, on a stripped down/simplified network with very very limited mixing, they have found a potential exploit. Nice to know, doesn't actually apply in real life. See MooCow's (and other folks') comments here: