Deozaan: yes I updated on another machine and noticed that this time. So the updater layout was a bit better than I first thought. The "Reader Update" above is just a category, not an update in itself. So the it is pretty clear that there are no more updates in the image above. But still a bit messy. BTW, I think it makes sense for every updater for every program to very sharply distinguish security updates from other updates. Larger font, bold, color, blinking letters, whatever - just declare loud and clear either that there are security updates available or that there are no security updates available. Users should never have to sift through various other add-ons etc to find out the security update status.
f0dder: yeah, I'm hoping that not installing the add-on will prevent the exploit in the first place. But I installed the security update anyway of course.