What's with the free advertising? They were not the ones to do the original work with coreboot or removing the non important parts of the ME. If anything, Purism has lied, taken credit for other peoples work and given people a false sense of "privacy" and "security". "Almost completely removed the ME" is not good enough and there is way too much room to do malicious things.
What's your point? Is it that exploit developers are not compensated financially for their work? Exploit developers should find a better business model than their current one. This guy was able to take freely available exploit knowledge and monetize it. If the parties responsible for creating the exploit feel they have some sort of IP claim against them, they should sue. If exploit developers wish to release exploit details for free then the best they can wish for is charity.
You missed the point. It is all about giving credit to those who do the work and make discoveries. It is in poor taste to exploit people in the case of taking their work and not giving any credit to those that made their business model possible.