When you specify that a batteries maximum envelope is X, and the supplier provides a battery which has a maximum envelope greater than X then, yes, it's a supplier problem.
Except that this isn't what happened, according to the much-more-detailed Anandtech article. Samsung specified the maximum exterior dimensions of the pouch, but those dimensions weren't big enough to accommodate the battery material itself. The second battery was slightly thicker, but suffered the same failure because of the thickness of welds on the very same parts that caused the first battery failure.
When you look at these failures together, it seems reasonable to suggest that Samsung's specifications were pushing the limits of battery technology to the breaking point, and that these unreasonable specifications were the common root cause of both battery failures. In other words, yes, there are limits to how thin you can make a battery and still have it be safe.