A lot of the security research that has gone on with Windows seems to be focused on embarrassing Microsoft at the expense of customers. That's wrong. Exploiting customers because you hate MS isn't sufficient justification.
What is your main argument or evidence for this claim? I am skeptical that someone carried out security research that damaged real people just to embarass Microsoft. This isn't an attempt to bait you, just curiosity.
Indeed, in some cases this line is clear while in others it's not. And sometimes (albeit rarely) even when it clear there may be legitimate reasons to cross it and let the chips fall where they may.
An example of the latter type of judgement, albeit in a different venue, was Newsweek's publication of the answers for a current college entrance exam. Newsweek's reporters had found that there were [illegitimate] copies of the exam floating around in some circles and suggested to the testing firm that they should replace the test, but the firm refused. By releasing the answers, Newsweek made the test 'obviously' worthless (whereas before it would have been 'deliably' worthless, since there was bound to be an unknown and unmeasurable amount of cheating). Good call IMHO, even though the testing firm argued in court (IIRC) that the published copies of the answers could serve no purpose except to help people cheat [actually, they did the reverse, since the testing form changed the test, thus preventing those who'd bought copies from cheating].