It would be a brave criminal or attacker who would pay 50K for a vulnerability that works on the latest release candidate, but might not function on the final release, is anyone really sure what Microsoft may change from a security perspective between the final release candidate and the production release? I would expect that security is a work in progress with Vista. This is one element of this story that does not ring true.