This is probably less of a concern than it may initially seem, since such messages are returned to the sender, and the explanation strings come from the sender policy published by the domain in the identity claimed by that very sender. As long as the DSN is not redirected to someone other than the actual sender, the only people who see malicious explanation strings are people whose messages claim to be from domains that publish such strings in their SPF records. In practice, however, DSNs can be misdirected, such as when an MTA accepts an e-mail and only later generates a DSN to a forged return address, or when an e-mail forwarder does not direct the DSN back to the original sender.
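As an added example, not part of the original text, the following Python sketch (assumed function names, constructed record data) shows how a receiving MTA can expand the explanation string published via the exp= modifier and then sanitize it before echoing it in an SMTP reply or DSN, which is the receiver-side control that limits what a malicious explanation string can do:

```python
import re

# Constructed sample data (not from any real domain): an SPF record carrying an
# exp= modifier, and the TXT record that modifier points at (RFC 7208, section 6.2).
# The stray CR/LF in the explanation stands in for anything that must not reach
# a reply line or DSN header unfiltered.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all exp=explain._spf.example.com"
EXPLANATION_TXT = ("%{i} is not allowed to send from %{o}.\r\n"
                   "See http://example.com/why?s=%{s}%_now")

# Subset of RFC 7208 macros that explanation strings commonly use.
MACRO_RE = re.compile(r"%(?:([%_-])|\{([slodiSLODI])\})")

def exp_target(record):
    """Return the domain named by exp= in an SPF record, or None if absent."""
    for term in record.split():
        if term.lower().startswith("exp="):
            return term[4:]
    return None

def expand_macros(text, sender, domain, ip):
    """Expand %{s} %{l} %{o} %{d} %{i} plus the %% %_ %- escapes."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"s": sender, "l": local, "o": sender_domain, "d": domain, "i": ip}
    def repl(m):
        if m.group(1) == "%":
            return "%"
        if m.group(1) == "_":
            return " "
        if m.group(1) == "-":
            return "%20"
        return values[m.group(2).lower()]
    return MACRO_RE.sub(repl, text)

def sanitize_explanation(text, max_len=200):
    """Make a domain-supplied string safe to echo back: keep printable ASCII only
    (so CR/LF cannot start a new reply line or header), collapse whitespace runs,
    and bound the length."""
    clean = "".join(ch if 0x20 <= ord(ch) <= 0x7E else " " for ch in text)
    clean = re.sub(r" {2,}", " ", clean).strip()
    return clean[:max_len]

def explanation_for_bounce(record, exp_txt, sender, domain, ip):
    """Text a receiver may safely place in its 550 reply or DSN on an SPF fail."""
    if exp_target(record) is None:
        return "SPF check failed"  # default wording when no exp= is published
    return sanitize_explanation(expand_macros(exp_txt, sender, domain, ip))
```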


Bellovin's strongest concerns involve the underlying assumptions of SPF (its "semantic model"). [10] With SPF, the SPF DNS records determine how a sender is allowed to send, meaning that the owner of the domain controls how senders of that domain's addresses may send. People who use "portable" e-mail addresses (such as e-mail addresses created by professional organizations) will be required to use the domain owner's SMTP sender, which may not even exist. Organizations providing these "portable" addresses could, however, create their own mail submission agents (MSAs) (RFC 6409), offer VPNs, or simply not publish an SPF record. Additionally, SPF only ties the SMTP Return-Path to permitted MSAs; users are still free to use their RFC 5322 addresses elsewhere.

