That is a pretty big difference there. We didn't steal credit card info >_>Microsoft fucks up at programming security all the time. Does that make it okay for hackers to go around and jack other people's credit card numbers and ruin their credit scores because of a bad programmer?
No one in their right mind is going to buy the "It MS's fault" line or "You should have used a different Program/Operating System" line from the hacker when he jacks your credit card number. Because he is at fault for abusing the loophole even if he didn't create it.
There is ample enough evidence that the SE programmers leave much to be desired. But being given the opportunity to do something does not mean it is legitimate for you to do it. The exploit was there, that doesn't mean you were supposed to use it or were justified in using it.
You could have reported it and gotten it patched however much sooner. You made the conscious decision to exploit the bug (or partake in a shell/runs that made use of the bug). You had free will, you made a decision, now it's time to accept the consequences.