This is important.
Please refrain from giving a step-by-step instruction on how to hack people's addresses.
I highly respect what johoe did but I think he got carried away with his new 'fame' by telling everybody how he did it.
Not cool.
There's somewhat of a difference with this case, in that he was explaining things a lot of us knew about already. Due to the way this particular event played out, all of those private keys are compromised and that's the end of it. There's no further exploitation to be done, no further thefts, no further damage. If nothing else he raised awareness for RFC 6979 signatures, which mitigate this particular problem entirely.
In general there's little value to doing full disclosure. It's a net loss for the reporter (no bounty payout), for the users (they could be negatively affected) and for the company (that has to deal with the fallout). However, in some cases it's necessary to act in that way in order to get things fixed. If a company is being obtuse, lying, or otherwise not fulfilling their obligations to their customer, then there's really no choice.