Actually, if the goal of a bounty program is to get reports instead of wild exploits, the only metric of success is getting the reports. In the case that someone would have reported it for reasons other than the bounty, the bounty is not only too much, but completely wasted.
How can you say it's completely wasted? This guy just blogged about getting $$$ from facebook, and it hit the front page of HN. It might inspire others to also report vulnerabilities. And conversely, if he was looking for bounties and didn't get any there would instead be a front page HN story about facebook not paying bounties.
That only holds if those bug hunters who read this consider the payout fair. Otherwise, they may decide not to spend time hunting on Facebook or may decide not to report bugs found in favour of the black market.
