Right, I'm sure the NSA doesn't currently take any effort to secure their trove of 0-days. It's not like they're valuable assets or anything.
Edit: My point is that thinking that requiring the NSA to keep them "as secure as possible" as though that would eliminate risk is just silly. There will always be risk of breach or insider theft, as well as the requirement that the exploits actually be put to use outside some theoretical digital lockbox. And more importantly, there will always be the risk of human error. The only way to ensure this can't happen again is to require disclosure & patching.
Wasn't the story behind the NSA leak that it explicitly wasn't well protected, and was passed relatively freely between contractors and without much in the way of oversight?
Edit: My point is that thinking that requiring the NSA to keep them "as secure as possible" as though that would eliminate risk is just silly. There will always be risk of breach or insider theft, as well as the requirement that the exploits actually be put to use outside some theoretical digital lockbox. And more importantly, there will always be the risk of human error. The only way to ensure this can't happen again is to require disclosure & patching.