There is usually a big difference time and yield in creating exploits from random binary updates and doing the same from disclosures. The amount of people who dissect, or even can dissect, updates are far less than everyone who follows disclosures. So I don't think that argument makes much sense in this scenario.