Putting the legal issues aside? It doesn't matter either way: security vulnerabilities trump copycats (in my opinion).
Publicly releasing details of an XSS vulnerability on a third party's site has much bigger ramifications than a copycat site. Plenty of websites deal with copycats all the time: they're frustrating, but they're not necessarily overly threatening. On the other hand, a 0 day could compromise the security of user information. In certain fields, that could completely destroy your business.
1. There are plenty of proof of concepts you can develop that don't destroy the page.
2. The Quora engineers in question didn't enter stuff into a textbox and leave it alone. They went and publicly disclosed a cross-site scripting vulnerability in a competitor's website.
Edit 2: Rick Ross posted a comment there I think is worth highlighting.
"In a way, we're grateful to these guys (Ben and Albert) for helping us close a hole. Their method of publicly vandalizing a test site and bragging about it is another matter. A simple email would have sufficed."
The full quote from Rick Ross is "I am grateful that Ben Newman and Albert Sheu of Quora have identified a (now fixed) XSS vulnerability in our test site, but I am surprised that Quora policy permits developers to engage so openly in vandalizing other people's websites." which is slightly nicer than that article makes it sound.
Personally, I think the Quora engineers involved made some poor decisions. Anyone who looks for security vulnerabilities on websites they don't own or control is on shaky legal footing (there are exceptions: Google, Mozilla, Facebook, and a few other companies provide systems for the responsible disclosure of vulnerabilities). However, publicly disclosing vulnerabilities on a competitor's website (and making your proof of concept mildly malicious) is never going to work out well for anyone: it makes your company look like a bully and exposes you to potential legal ramifications.