Why, with months of opportunity, hasn't the public testing of Segwit been successfully attacked or exploited by any interested party? (let alone those Core detractors who claim they have coding talent)
One possible reason is that the impact of using such an exploit when it has been mass adopted, can be far more beneficial for the attacker and far more damaging for bitcoin itself, compared to a testnet exploit scenario.
If I were a hacker, I would use any testnet period not to report bugs, but to withhold them and then either sell the exploits or front-run the market by shorting the coin prior to actually exploiting the bug.
Without serious bug bounties, I don't think there's enough incentive to actually report serious bugs.