Suppose you are in the market for a new car.  You make a deal with the
local car dealership to lease a new model for a month.  During 
this time, you discover that the locks are not particularly secure; 
in fact, you have found that anyone can break into the car and drive
it off with a minimum of thought and effort.

At the end of the month, you take the car back to the dealer and tell
him about the problem.  He doesn't seem concerned.  Do you:

a) not worry about it and buy the car anyway.  No one will ever discover
it.

b) wonder about the quality of the car and start looking for cars from 
other companies

c) threaten to tell the whole world about the problem in the hopes that
someone will do something about it and feel "a huge debt of gratitude"
to an employee inside the company when he gets the company to consider
fixing the problem.

If you think c) is absurd, your thinking is in direct contrast to
Woody's Office Watch:

[from WOW, April 22, 1998; Vol 3 no 16.]

  There were two aspects to this Windows 98 security hole
  that made it particularly worrisome:

  First, it didn't take an IQ of 240 to exploit the hole. In
  fact, any jerk with a nodding acquaintance of both Basic
  and DOS batch files could cobble together a destructive
  program in an afternoon. If you saw how it was done - that
  is, if you had at hand a working example - you could make
  modifications to the program in minutes. A prolific (but
  pathetic) programmer could turn out dozens, if not
  hundreds, of variations on these destructive programs in a
  weekend. It's really that simple.

  Second, the security hole was unique in that it ran when
  you just looked at a Web page, or previewed an email
  message. You didn't have to open the message - simply using
  Windows 98 and Outlook 98, or even Outlook Express, to
  preview a message was enough to have, oh, your c: drive
  reformatted, or your main data files destroyed. It's true
  that Windows 98 shoots a message on the screen before these
  destructive programs can run - a very obscure message,
  using terminology taken straight out of a programming
  manual. But there was also a way to make the programs do
  their damage a day, a week, even a month after you viewed a
  tainted Web page, or previewed a tainted email message. No
  Windows 98 message warns you about these delayed-effect
  programs.

  In short, it's the largest security hole I've ever seen. It
  makes Word macro viruses look like child's play.

  Anyway, after seeing what could be done, I put together a
  sample "destructive" Web page (the only malicious trick it
  played was to create a folder called c:\WOW). And I started
  jumping up and down, notifying everyone I know in the
  anti-virus community, some of the writers I work with, and
  many of the people I know inside Microsoft, that Windows 98
  had this huge security hole in it.

  I told Microsoft that I'd go public with the "destructive"
  Web page in this week's WOW, unless they fixed the hole.
  Many anti-virus people were uncomfortable with that: it'd
  be tantamount to handing blueprints for mass mayhem in
  Windows 98 to virus-writing creeps. (The only way to demo
  the hole involves placing a fully legible copy of the
  "destructive" code on the Web.) I'd feel terrible about
  doing that, but I feel that I have an obligation to warn
  people about upgrading to Windows 98 if it's going to ship
  with this gaping security hole unplugged.

  I was surprised by the initial reaction. One person was
  certain that Microsoft had promised there was no way to do
  damage to a user's PC from a VBScript program embedded in a
  Web page or email message. But when he opened the
  "destructive" Web page, he saw immediately how that promise
  (real or imagined) had been violated. In spades. Ed Bott
  and Barry Simon both rallied to the cause. Ed hit Microsoft
  hard. (I don't think the Windows team listens to me. But I
  know they listen to Ed!)

  The reaction that concerned me most came from a tech guru
  at the world's largest PC magazine. He said that there was
  no significant new threat from the problem, and that my
  efforts constituted a "gross overreaction." That hurt. I
  became convinced, and remain convinced, that this guy
  doesn't have a clue what's going on. I came away from that
  experience happier than ever that I write for PC Computing,
  where facts have a chance to stand on their own merits.

  Microsoft could have reacted the same way that tech guru
  reacted: buried its head in the sand, claimed that there
  was nothing wrong, that I was grossly overreacting. After
  all, Windows 98 is essentially done, and Microsoft has
  powerful reasons (spelled "DOJ") to get it out the door as
  soon as possible. Fortunately - that is, fortunately for
  me, for you, and for tens of millions of future Windows 98
  users - Microsoft didn't just ignore the problem and hope
  it would go away. At least one person inside Microsoft's
  unofficial "security cabal" took up the cause, and lobbied
  hard internally to get the problem fixed. You and I owe
  that person a huge debt of gratitude.