
That's definitely the downside in the trade-off, yeah. If you're going to hoard you better also protect or you just get the worst of all worlds. Still, I am generally hopeful about our intelligence agencies' ability to prevent leaks, even if fuckups have occurred.



That's not the real downside. If it were, you'd be seeing mini-"shadow brokers" leaks every month, because the practice we're talking about here is extremely widespread: the economics of being a zero-day broker hinge on being able to sell the same exploit chain many, many times to the same country, and to get recurring revenue each such sale.

The real downsides here are probably economic and have to do with how this shifts incentives for everybody in the industry. But, at the same time, every big tech company with a desktop/mobile footprint has invested mightily on staff to counter LE/IC/foreign CNE, which is something that might not have happened otherwise, so it's all complicated.

People write as if the disclosure of a bunch of IC zero days is like some kind of movie-plot "Broken Arrow" situation, but it's really mostly news for message boards. Organizations that need to be resilient against CNE are already in a state of hypervigilance about zero-days; adversaries absolutely have them, no matter what "NSA" does.



