First off, I could be totally wrong and that my concerns are unjustified.
That said, MDG is tagging this onto a whole range of other services that give me the impression that it won’t come cheap, mainly tagetting larger apps that have corporate backing.
Lets say you have a small production app that’s your livelyhood. You won’t be able to afford such a pricey service. Critical security issue occurs: MDG’s clients get informed, the public is withheld the information, you can bet your ass that in a quite tight-knit community as that Meteor has people talk amongst themselves, so the information will slowly spread out, creating those that are in the know and those that are unaware and therefor the possibility to be exploited.
If security issue alerts were sold as a separate service, that is within the affordable range of any production app, instead of tagged onto a bunch of other services, I’d likely be in favor. Else I think I’d prefer to take my chance with a public announcement as to know what to keep an eye out for.
Again, I could be wrong and convinced otherwise if there are good arguments.