There is a difference between authorized leak and unauthorized leak. The former, one hopes, has been vetted to ensure that it won't cause more problems than it solves.
And since the link to respond to Xeni's post doesn't seem to be working: As with BB's editorial policy, there is -- alas -- no guarantee that all violations will be equally acted against; someone makes a judgement call about whether the case is worth pursuing, and that brings us back to the previous paragraph.
Is this fair or reasonable? No. But it's hardly news; security has been selectively porous since the concept of security was invented, and the fact that someone else happened to get away with it, or even be encouraged to do it, is no guarantee that a ton of bricks won't fall on the next person who does so.
The leak was a violation of contract law at least. If it's an act of civil disobedience, be prepared to stand up and take the consequences and use that as further publicity for the issue. If you aren't willing to accept that risk, it probably doesn't matter enough to be worth leaking.
I'm still undecided on whether this particular leak was a good thing or not (it wasn't really news to anyone who understands the NSA's general direction of research), and on whether Snowden simply executed it poorly and got himself in more trouble than he need have done.