Considering the researcher had already reported these to Microsoft, and delayed releasing them publicly until Microsoft "pulled every childish game possible" (quote) instead of patching them, it's not unreasonable for the researcher to be withholding another exploit from the public to limit harm.
I also disagree that the PIN bypass would be "10 times more impressive," but that's just my professional opinion.
We know that the PIN method wraps the key in additional layers of encryption, and that the TPM happily returns this wrapped key on boot. So the extra step(s) required would be to bruteforce the PIN and now you can unwrap the plain key.
I also disagree that the PIN bypass would be "10 times more impressive," but that's just my professional opinion.