Those two hackers could have scored $15,000 to share amongst themselves by simply disclosing information about their findings.
The problem with your response that $15,000 for 30 exploits is basically nothing between two people. A given browser exploit for IE supposedly has a street value of $10,000. Assuming FireFox exploits are about the same in price, they make 20x by holding them
back from MoFo.
Not quite idiotic to hold them back if you have loose ethics. I doubt they have 30 exploits, but they probably take a great deal of pleasure making people with a (smug) sense of security scared again.
Side note: IMO, they should be responsible and disclose them.