I think they should announce it. It seems pretty optimistic to have an application with buggy code that exposes user data, yet claim that there is no chance that an error or oversight prevented it from being logged. Saying "if we didn't detect the hack then it didn't happen" doesn't inspire confidence.
Getting insight to all security bugs of all cloud providers could be interesting- it certainly would increase transparency. Companies have security bugs all the time that they fix when found internally without telling anyone.
