Hotz is basically appealing to the hacking community, meaning those who actually discover the exploits rather than those who use them. Big distinction.
While the former is a tighter knit community, the latter is considerably larger and quite unlikely to give the guy a dime for his work. And yes; it was work, as he spent a considerable amount of time and effort to find and distribute the keys to the vault.
And yes, he did distribute them; they were on his site.
Publishing those keys for the general public, including those who simply want something for nothing, probably wasn't the smartest thing to do even if "data simply wants to be free." Try explaining that mindset to the guy who has his bank account and routing number or CC account information cracked from a D-base and then published for anyone to access, relying upon the attitude of "I don't advocate theft, but decide for yourselves what you want to do with this information."
The only real mistake he made was in choosing to be a showboating exhibitionist in regards to his exploits, and freely distributing his findings rather than playing ball with SCE directly in regards to their security.
The sad thing is, nobody wins in this case but those who use the information to "get something for nothing." Hotz pays a mint in legal fees, win or lose. SCE loses a much larger mint due to the security compromise and lost software sales as well as damage to the security image of their platform.
