In particular, I'd rather know that when I stay at a hotel with an Onity lock, I should take security precautions instead of remaining in ignorance. I would rather know that there's a general public pressure via the media to change from insecure locks to secure locks. I would rather that hotel managers know about this via the 6-o'clock news rather than in some mailing with a PR spin.
Consider the Therac-25 case and the problems the vendor exhibited in fixing it. That behavior is endemic, and I'd rather be a consumer in the know than trust to the chancy kindness of a corporation whose interest is not per se aligned with my personal interests.
Standard procedure is to give the vendor a reasonable amount of time to fix the problem, then go public if they don't. It's not like there was some big hurry to go public, here. As he notes, the problem has been around for decades and he personally knew about it for years beforehand. Giving the company a few months to get their shit together, if they so chose, wouldn't make much of a difference in the worst case, and could have turned out a lot better.