Criminals will always be looking, but the odds of finding vulns against a company that pays decent bounties should be far lower than against one paying a pittance, since more people should be looking due to the greater potential reward.

Also, in this case, I think that the amount of damage the company has avoided due to the vuln leaking through non-responsible disclosure is far more than $1000. Deleting photos on FB is nowhere near the same class of seriousness.

The company STORES PASSWORDS. Leaking them is serious.

Felonies exist and people still commit them. Should they? God no. But people with a lower moral code exist and they can be flipped to do "good work" if there's enough money for them (and I think you should get more money in general for your important work anyway). I find the notion of your profession only consisting of good people highly offending to the rest of the world.