Yeah, IMO it would have been entirely reasonable for StartCom to revoke the cert for free and cancel the account.
Also, the flip side of this is that occasionally (but very rarely), people want their private key to be a publicly accessible. See http://readme.localtest.me/, where everything else .localtest.me resolves to 127.0.0.1, and they tried to post a wildcard, but it got revoked.
Intentionally publishing something is diametrically opposed to having something compromised.
That was simply an attempt to shirk his contractual obligations with StartCom and get internet points at the same time.