Would you prefer if someone did the same thing and kept it to themselves (or sold it to the highest bidder)? I think knowing it exists is better than not knowing it exists.
No. I would prefer we, as a community, don’t build this. I am under no illusion that I will persuade all people but I feel clarity that it is morally and practically unwise to build a tool like this at all and especially unwise to publish it as a freely available open source project
Nothing morally wrong about finding an exploit in a system, it's what allows you to make it more secure in the future. Perhaps the most ethical course of action would have been to disclose this to Google/OAI first (which I don't know whether or not has happened), but I find that optional in this case since this isn't really a vulnerability in the conventional sense.
Finding an exploit with the intent to patch it is different that finding the exploit and using it for personal gain which, in turn, is different than finding the exploit and publishing it for open source ecosystem use.
It’s kind like if I took a picture off of your facebook with your keychain, and used it to make a copy of your house key. You’d probably prefer I reached out and told you to take down the picture instead of creating a template of the key for anyone to download and make a copy along with your home address.