My point is...
"no-one has got into my house, even though I leave a key under the third flower-pot in my back yard" - not a bright disclosure...
even if the bad guys were guessing, and spending hours trying to find the way in, publishing enough detail to make their sad lives easier doesn't seem right....
we, the users, don't need to know specifics about how vulnerabilities can be exploited when we have no control or means to mitigate them.
sure, tell us that security issues exist, and tell us to upgrade to Version XX.X on our platforms to close the doors, but don't tell the whole world how the security could be breached, that is not important information for the end-user. all he needs to know is how to lock the doors.
you've made the assumption that the bad guys know this vulnerability, that's like saying...
"no-one has got into my house yet, even though I already told you I leave a key under the third flower-pot in my back yard - come on guys, break in, but be aware everyone now knows you are coming, and how you are getting in"