I think you are mistaking what "master key" means here. They found the dongle HMAC secret, which means that anyone can create a new dongle for getting into service mode, which is apparently useful for downgrading to a different OS in some cases, but has no utility outside of that.
It's not the master key for cryptographically signing executables or OS images.
EDIT: WOW! Okay, looks like they screwed up big time. They used the same random number for all their signatures, which means that they effectively leaked their private key for various bootloaders in the system. The chain of trust is toast.
You're sending me on a roller coaster of emotions here mmastrac! That's pretty cool. I picked up a 360 modified it to play Reach and then sold it for over twice what I paid. I need something new to mess around with, this could be fun.
It's not the master key for cryptographically signing executables or OS images.