By publicly exploiting a bug on Lightning that could have put users’ funds at risk, the developer was acting in the best interests of Bitcoin node runners.
The nature of open-source distributed systems leaves some vulnerabilities open to exploitation, but should bugs be exploited publicly or disclosed in private?