Well, it's debatable, but I'd argue that exposing serious issues in the presumed robustness of systems turns out to be useful in the long run. In the worst case, it provides another data point for identifying systems that aren't working how they should. Not that I'm advocating the creation of malware, of course. Don't do that. :)

There's a difference between malware and a 0day. Malware just causes harm to the endpoint. A 0day proves that the potential for a security breakdown is real.