[greedo]

Think of it like this. The exploits are already out there, whether they're public or not. MSF takes these exploits, and packages them into a coordinated tool. Sounds evil, right? A script kiddie can grab this tool, update it so it has the latest exploits, and voila! pwn the internet.

Well, they can do that without MSF. It's just harder.

Where MSF helps is with pentesters and other security professionals. When they perform a pentest or audit, tools like MSF/SET/Nexpose allow them to rapidly and accurately determine if a network or system is vulnerable, and prove it (within the bounds of the engagement's scope). Without these tools, a pentest would require far more tedious work.