Some companies like to practice 'security by obscurity' to the fullest. They sometimes try to keep bugs from being disclosed by researchers using various means of ignore up to legal threats or other non disclosure contracts.

Often when things are at a really bad state its in the public interest to make sure these issues get fixed rather than brushed under the carpet. Hence it gets posted on various sec ML lists to ramp up pressure.