That can't be that easy, right?

Actually, it is. Imagine that you run a company and are developing a new product. Your developers will build a proof of concept to show that it works, right? What guarantees that the prototype hasn't already been compromised? Nothing does. Then that same piece of software goes to production, and there you are, spreading malware with the best of intentions.

What about the exploits?

The exploit lists that appear on the web from time to time are a great tool for attackers. First, they confirm that the attacker's work actually succeeded. Then the attacker can follow the progress of the fix for those exploits, especially when the target is an open-source project. They will make sure the community comes together to solve it, so they can join the project and work on just another "bug"; they will actively contribute to the project so they know exactly how it works, in order to exploit it once again.

