
Snapchat does not take security seriously. I used the Gibsonsec description of the SnapChat API to make a Java Snapchat client called JavaSnap (github.com/hatboysam/JavaSnap). It has been used in many Android apps with close to 2M combined downloads (from what contribs have told me).

It was too easy. This is why things like 'The Snappening' happen (note: I never did anything evil like that, but it would not have been hard).



1. "The Snappening" was due to a breach of a third party service with no actual ties to Snapchat. This is like saying Bitcoin is insecure because of Mt. Gox's breach(es).

2. Most apps have documented or undocumented APIs. Writing a client to consume them does not indicate insecurity. It's only a security issue if the undocumented API exposes something that the company did not actually intend to expose (which, to be fair, is fairly common).

I have serious doubts about Snapchat's security due to the username <-> phone number leak discovered by GibsonSec, but the other things you listed say nothing of their security posture.



