The market value of Heartbleed

If a blackhat discovered Heartbleed or an equivalent vulnerability, wouldn't they just use it secretly?

Assuming Heartbleed is worth much more to a blackhat and a blackhat would have exploited it secretly, the scariest part about Heartbleed is that it should change our estimate of how many equivalent vulnerabilities there are in the hands of blackhats.

(A weakness with this argument is that the market in vulnerabilities might not be liquid, but that doesn't change this analysis very much.)