On the other hand, it appears that the private key was communicated to you so in theory you could swipe any funds the pool finds. This is concerning. Am I missing something?
As I wrote,
my client found the colliding hash160, so naturally my client communicated the private key to me.
It's actually a little bit unfortunate, because if it had been found by someone else, we might have another indication (still no proof), that I was not involved with that address in any way.
In other cases (e.g. the puzzle transaction), it's up to the client operators if they give feedback to me about the private keys found. AFAIK they did so - albeit sometimes with 1 week delay - so far. I mean it is something to brag about - isn't it?
Rico