I think that what PWC are trying to get at (not said in the article) is that if researchers were a licensed "partner", they would have been prohibited from doing any security research and/or publishing anything by their license. Such "gag orders" are commonplace in enterprise software. And since they aren't licensed, they obviously had to steal it and thus have no right to dig in it or publish anything neither.
It is pretty typical reaction of a big company - whenever something potentially damaging to the brand surfaces, the first thing to do is to send lawyers and then perform "PR management". Fixing the actual problem would actually cost money and show that the overpriced product is buggy, so it is not done or only as the last option.