After reading more into this, the dev sounds like he's being a twat.
Nginx had some security bugs in alpha code. F5 issued cve's for it, the dev didn't want them to because it wasn't code in a stable release. That's the entire story from what I can tell.
I don't feel like f5 was in the wrong here, and running off to raise a stink seems like an excessive response here.