Do you seriously think they exploited the webserver to replace text, but didn't bother copying all the system logs and installing a backdoor and rootkit? You're right, they did it for the lulz. It's too bad that MI-6 only has access to documented, patched vulnerabilities and this website will be back to impenetrable by foreign intelligence services status in no time.
A much better suggestion is to not allow flash to be installed. There are critical security vulnerabilities in like the last 100 versions of flash. Having the "latest patched version" doesn't make you much safer when new 0-day flash exploits are constantly being discovered.