I think the problem is this: how do they distinguish between those with a legitimate interest (contributors, users, bounty programs, etc.) and those who want to sell the bug on the black market?

Since there's no real solution, they'll implement some "trick" that as a side effect will randomly block other people's work.