I thought about it, and couldn't see any problems. I was kinda worried that they didn't ask for a signed address instead of the stupid idea of asking for the private key tho.
They needed the btc address (to confirm I deserve the CLAM) - I don't see what extra info they get with the private key.
Did I miss something?
You could perfectly well prove you have a private key by using it to sign something.
They are either lazy or there is some other angle.