It's not Nick's fault that the script was designed and secured improperly. However everyone just needs to remember when dealing with such users in the future, that there is a risk for immaturity and malice behavior.
As for the refund, you deserve it unless he fixes it. However--alot of times, just because a new hack or exploit is found in a peice of purchased software, do you have the right to get a refund. I doubt microsoft would be in business if that was the case