So if can be purchased and studied, why isn't someone like the producers of Flame, Stuxnet and govs getting on the band wagon and produce their own exploits with credible claims of the ability to compromise systems, steal data, passwords, compromise EPOS and banking systems etc?
Put their own malware nasty with a cryptic name on the same sites these turds use and when one of these crooks purchases it and deploys it the only thing it does is compromise their system and reports back who and where he or she is, make dozens of them use similar names to exploits that are already in use.
Get paid by the bad guys as a bonus!