If the cost of disclosure was a dollar a user, there's pretty much no way we'd see them voluntarily tell us they were hacked. We'd have to wait until the information got out some other way.
I think hehheh is saying that a policy like this would strongly encourage hiding breaches. No one would openly admit a breach if they knew it would kill the company. The net effect would be less transparency, not better security.