A. Leave the hole open for all crackers who already figured it out, thereby leaving a security hole open for possibly all time. Apple apparently weren’t fixing it; they first said they were going to, but then didn’t do it, and then ceased all communication.
B. Tell the world, thereby forcing Apple to fix the issue. This leaves all Apple users vulnerable to more people than choice A, but only, one would assume, for a limited time.
The ideal situation would of course have been C: Apple promptly (or at least within 90 days) fixes the issue upon being informed of it, before the world at large was made aware of it. But Apple chose not to pick this option. Only option A and B remained.