It's not "bullshit Terms of Service" - Facebook clearly lays out the terms of the Whitehat program.
There was no bait and switch - it's very explicitly stated that he should not be exploiting the vulnerability, and that it needs to be clearly explained.
I respect that he found a vulnerability, but he still needs to adhere to a website's terms and conditions. If the security team he reports a bug to doesn't "get it" the first time he should try again, not publicize it on Hacker News and attract negative publicity by putting it on Mark Zuckerberg's wall.
There was no bait and switch - it's very explicitly stated that he should not be exploiting the vulnerability, and that it needs to be clearly explained.
I respect that he found a vulnerability, but he still needs to adhere to a website's terms and conditions. If the security team he reports a bug to doesn't "get it" the first time he should try again, not publicize it on Hacker News and attract negative publicity by putting it on Mark Zuckerberg's wall.