I agree, with the (silly?) distinction that it's not "hiding" like a secret key, it's just "not showing to the whole world" because they never had a good reason in the first place IMO. Had they not published them, it would address the privacy concerns some of us have, and happen to band-aid over the easily factorable keys too. I guess I'll agree that's not really a legitimate reason to make them "hide" them now... it's mainly my preference for avoiding metadata leakage. I shouldn't have focused so much on factoring.

Just in case anyone is still reading, some rough analogies: Would you publish intermediate state data from a hashing or signing process? Would you publish your users' password hashes (even w/ scrypt and robust character set+length requirements)? Would you re-use Bitcoin addresses that have spent before?[1] Would you add a feature to an SSH server to return users' public keys to anyone on the internet? Would you have GPG auto-publish new keys to keyservers? I see these as not usually fatal, but not smart or necessary things, somewhat similar to this.

[1] One of the justifications for address rotation in Bitcoin is that once the address has spent, its 512-bit ECDSA public key is known, rather than just a RIPEMD160(SHA256()) hash of the public key. Absurd paranoia, lack of understanding crypto, or defense in depth?