It's clearly an exploit as you can verify if you look at the addon's code.
Code:
function CameraZoomIn()
target = min(GetCameraZoom()-db.increment, db.distance)
MoveViewInStart(db.speed)
isZoomIn = true
f:Show()
end
function CameraZoomOut()
target = min(GetCameraZoom()+db.increment, db.distance)
MoveViewInStart(-db.speed) -- bug
isZoomIn = false
f:Show()
end
It overrides 2 API functions, and uses negative zoom-in to accomplish an unchecked zoom-out, therefore exploiting a bug in MoveViewInStart. All they have to do to fix it, is to not allow negative numbers being used with those functions. Or do it sledgehammer style and make the functions protected, which means addons can't use them anymore at all.
The funny thing is that he even marked the line in question with a "-- bug" comment lol.