We will ban you and ridicule you in public if you waste our time on crap reports.

I see why that is needed, but at the same time I think there is a thin line here, what if someone simply is not sure, a false positive, is that a waste of time to perform investigation?

That ban/ridiculation threat demotivates the report, the message simply says that if you are not a high level engineer or a big company with resources to have identified something in the field, please don't report, individuals with limited knowledge not encouraged to report and that's when the person simply chooses the easiest path: Post the report publicly to some forum or microblog and then there is a disclosure of something that should have been embargoed.

I got the motivation but I don't feel good about the wording.

it links to curl.se/dev/vuln-disclosure.ht… which still mentions HackerOne.

I thought you were no longer using HackerOne? Or do you still use it, just with no bounties?