by pedrocr
2731 days ago
> The thing is, "somewhere in the backend" is generally accessible from the internet

If this is the case you have much bigger problems that a bug bounty won't fix.

> in my mind, just infinitely worse than gaining access to a computer of a person/uploading some ransomware/something similar

That depends heavily on what the backend server is. There are plenty of databases where a hack is irrelevant because the data is public and there are backups. Meanwhile most people have poor backups and a hack can be incredibly damaging.

> we both see the thing that touches us the most as the problem

I think you're heavily discounting the risk that all these code bases in general usage pose. I've fuzzed C++ binary parsing code on just a laptop and was amazed at how many crashing bugs I was able to find in a short amount of time. Many of those were probably easily exploitable.