Please keep us posted as to how the article works out!
I have one other idea...
I am sure everyone here gets the relentless barage of emails about "free consultations," "trial link campaigns" and offers of free trial periods for services encompassing every facet of their website. However, these are almost always form letters which lack sincerity and individualized approaches.
What if you were to send such an email to the websites' owners? Personalized, of course, with a snippet of the improvements you could/would make to the specific website. Offer a free phone consultation or to meet in person and review their website more in depth.
I don't think this would appear as a personal attack on anyone. Email campaigns are an accepted form of advertising...and free consultations seem to be the industry norm. No ethical boundaries would be toed. No scare tactics would be used -- you'd just be repackaging the investigative work you've already done and be offering to correct the problems you have noticed. Even if you don't get any work out of it, you'd have made inroads with these organizations and potentially earned the opportunity to, if nothing else, inform these people of the security issues they may face.
You can't do much more; you can't make people correct problems, only notify them of the potential issues and hope they make the right decision.