We can agree to disagree because the perspective really wasn't for you, it was for everyone else reading that will share a sentiment they've felt but never articulated
There are two kinds of vulnerabilities in the world:
The kind organized criminals will pay tens of thousands of dollars for, and the kind they, like any Internet rando, will pay $50 for lulz.
If you think this dumb regex bug is worth the same to organized criminals as a Chrome sandbox escape or drive-by reliable Flash RCE... well, people think that about a lot of bugs, I guess.
This LastPass bug is terrible. I was already inclined to warn friends against using it (but my other friends have beat me to that punch many times before). The bug looks terrible for LastPass and its mere existence is damaging to that project.
But that doesn't mean the bug has significant monetary value. As someone else here cleverly put it on the last dumb bug bounty thread: you can smash a car with a sledgehammer, but that doesn't make the sledgehammer worth the value of the car.
Perfect analogy, I'm putting that in my back pocket.
Bug bounty programs, presumably, prevent unsavory exploits at some point in the future. Having this responsibly disclosed was damaging still, but cost LastPass less money than having it exploited later.
I'm not sure where that falls on your "significance" scale.
