You know all those people at risk because of this leak?
Guess what? They were always at risk.
Their line appears to be that they are the 'good guys' and that the 'good guys' should be allowed to hoard such vulnerabilities and exploits and then sell them to other 'good guys' so they can use them to do 'good things', but if 'bad guys' get their hands on it then they will use them to do 'bad things' and that will be bad.
Now, I agree whole-heartedly with the second half: if malicious actors get their hands on these vulnerabilities then bad things will indeed happen and have happened. But surely that implies that you have a responsibility to protect this information and ENSURE that it doesn't fall into the wrong hands.
I appreciate that preventing well-funded, technologically-capable and determined attacks is very difficult (and expensive) but this software is sold to Governments!!! If that's the level your are operating at then you HAVE to expect that there will be attacks that will be VERY well-funded - possibly even from other states.
So it's no excuse to say that the attackers had "considerable funds" with one breath and then with another say just how dangerous the people are ('terrorists!') who are now making use of this and how much harm this will cause.
You (Hacking Team) are admitting that the data you were hoarding was very dangerous and desirable to criminal and terrorist organisation and 'bad' countries/governments but yet evidently did not secure it against these threats.
That is negligence; you actively pursued information that puts everyone at risk and, rather than help protect them from that risk, you exploited it to make money.
The line that you "do not trade in weapons" is irrelevant. You trade in something that, by your own admission, would create an "extremely dangerous situation" and a "major threat" if it got into the 'wrong' hands. Thus, just like people who deal with "weapons", you have a responsibility to prevent this dangerous product from being accessed by those wrong hands.
But you didn't, and so information you have hoarded and the tools you have created to exploit it are being used by exactly those people.
Of course, this is all taking their rhetoric - that they are the 'good guys' and only sell to ethical "governments and government agencies" - at face value, which is something that I still find not good enough.