Pre-Registration of Intent
There doesn't seem to be a need to pre-register to be a Bounty Hunter in the link given, which means that a hacker can go to town on a system and, if they get caught, they simply say that they were inspired to hunt bugs for the bounties.
If there was this need to pre-register then any exploitative activity seen on MS Servers that didn't come from someone registered on the scheme then it would be judged as criminal activity.
So, instead of putting confidence of storing your data on MS systems, to someone such as myself it would have the opposite effect.
EDIT: I see in the Code of Conduct, bullet point 1:-
Don’t do anything illegal.
This is a contradiction in terms. If you are engaging in the uncovering of bugs, it is arguably likely that your are breaking the law.