Re: The mind boggles.
"didn't Kapersky give a false positive and proceed to upload his secret stuff?"
His secret stuff was malware, recognised as such and uploaded for analysis. Subject to the user's configuration, that's what AV packages do. It's how they stay up-to-date on the malware they're supposed to be detecting. It just happened to be NSA-written malware.
As it was included in a zip file the whole zip was uploaded and found to contain the source. Oops.