I have followed this story for some time and was, in fact, in San Francisco when the story broke (Chris Roberts was attempting to board a flight to attend several security events in San Francisco when he was pulled from the plane by the FBI). I like many others have mixed emotions about this situation. Finding vulnerabilities and pushing for remediation and change is a good thing, but I do believe a line was potentially crossed if Mr. Roberts actually exploited a plane in mid-flight. The risk/reward of that hack is a little too high for me.
I am thrilled to see the response by United Airlines to implement a bug bounty program.