
This bug was not a complete takeover, or anything even close to one.



Well, yes, that's why Apple won't pay a million dollars for it. But there are tiers lower than that ("Unauthorized access to sensitive data from a user-installed app") which do cover the kind of bug described here.


You've lost me. What does this have to do with the point I made about which bugs we want security developers at Apple spending their time on? You seem to be making my point for me.


The whole point of the bug bounty program is that anything that qualifies for it is something that Apple considers to be important enough to pay out money for, because they (ostensibly) want people to report these to them. I understand if they are overloaded with "this function leaks the country of the device" bug reports but the ones that they actually include in the bug bounty program are those that have the potential to significantly damage their stated goals around security, so it's kind of the point that they review all of them.

If Apple wants to nudge people towards submitting more serious bugs, they can pay more so people are incentivized to work towards those rather than mucking around in games. But, they don't really get to say "we didn't really have time to get around to this Contacts bug, sorry": people expect them to have it fixed. That's the whole reason Apple offers a bounty at all: so that researchers tell them about it early so they can fix it.


I think there might be someone else on this thread you mean to direct this to, because it's not responsive to anything I'm saying.



