I'd assume that he wants to keep it private so in case he is cashing in those coins he is not doxxing himself.
Yeah, I also assume this is the reason. Which is a shame really, given all the better options given in this thread for trying to alert the true owner to the situation.
But what if he doesn't see the urge to move the coins? As you don't publish the public address of the paperwallet, you make no effort to let the owner get aware of his loss. How does that make any later decission of yours to proceed in any way with the paperwallet more justifyable?
Exactly this. It is entirely possible that this was a back up which the true owner had hidden off site, and is not going to check on for months or even years. He is perhaps entirely unaware it has been lost (which is why the better options I mentioned above were recommended). I have coins which haven't moved in years and I don't plan on moving in years. If they've not moved in 10/20/50 years, does that make them any less mine, or does that make stealing them any less immoral? Of course not.
Previously I had suggested to spend the output with an OP_RETURN message. Ethically speaking, that's neither a good option, because some owner's relatives might have access to that money with a signed transaction wherein he has granted them inheritance. Spending the output would invalidate that transaction which is supposed to be broadcasted in the future.
So make a transaction from somewhere else, paying dust to the paper wallet and including an OP_RETURN output. Or top up with dust then spend that dust making an OP_RETURN output. Anyone looking up the address will notice something going on without invalidating the original output.