On the plus side it was a great leading indicator of a vulnerability in various bits of code because we would see searches that tried to match a particular package and version increase and then shortly thereafter a story would break about some data breach and personal data being stolen.
I was always a bit conflicted by it. I developed a number of tools which could identify this traffic and automatically ban it on our search engine which was the right thing to do, but you can probably sell that information to these organizations. So as a startup it was leaving money "on the table" as it were. I expect the way extract money out of that stream would be to have a site that accepted bitcoin and would return URLs of pages that matched a particular software package pattern.
Its also a great tool for sales people who are trying to sell wordpress themes for example (or identifying you is using your non-free theme without paying).