Read this story about a hacker who reported a security vulnerability and went to jail for it. Forget for a moment that he might have been violating an NDA, or that he might have had less-than-pure motives. Focus on the fact that he was convicted and jailed for causing an "impairment to the integrity or availability of data, a program, a system, or information without authorization" by disseminating the information.
I note that I have committed this "crime" more than once, reporting security vulnerabilities about Slash. Many of you reading this likely have as well, with other projects.
Now think about whether or not you will release security notices again any time soon.