Well, I just updated my app to Meteor 1.6 recently and FlowRouter is broken:
It happens. It takes a while, but it happens.
(I’m still using FlowRouter since ReactRouter didn’t seem to work well with the combination of Blaze and React I’m using at the moment. This combo is also pretty slow on older mobile devices, so I’d really wish there would be a better solution.)
I doubt this. I had a lot of Arunoda’s packages in my app (e.g. meteor-streams or fast-render) and eventually had to replace all of them since they were broken by a Meteor update. In all of these cases, this was due to some ‘hacks’ he made that were not compatible with later versions any more (as I learned from the responses to the issues I posted). As long as Arunoda maintained these packages, nobody noticed these hacks. But now the best solution is to abandon them.
OK, but sure. Meteor makes no promise to support the use of unofficial API. Package developers should write defensive code when they attempt to use some hack which may change or disappear.
Yes, for sure. Problem is that it’s just too easy to hack into JS code and you - as a user of a package - never know if the maintainer did these kind of hacks 
You’ll only learn much later.