Responsible disclosure gives the vendor a chance to fix a flaw before everyone knows about it.

In the case of a private key exposure, the only possible fix is to tell everyone to stop trusting that key. That's exactly what happened here.