What is the probability of an Apple developer introducing a hard to catch bug and sharing the information with third-party so that they share the bounty?
I don't know. But I do know that the way to prevent that is to handcuff all the developers with crushing process heaviness. Then they won't introduce anything malicious, because they won't introduce anything at all.
Given the published corporate policy on leaking I think it’s safe to conclude they would be fired, and most likely prosecuted when possible.
“The Cupertino, California-based company said in a lengthy memo posted to its internal blog that it "caught 29 leakers," last year and noted that 12 of those were arrested. "These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere," Apple added.”
I think the probability is very low. Apple pays developers very well, and you're asking them to risk all future salary and their freedom. That’s going to cost a lot. Much more than $1M, I would think.