
Well, yeah, if your comparison is that the person's morals allow them to just turn around and sell it on the black market, maybe they could've paid more. But the reality of HackerOne is that most people are really just doing it as a hobby or side project that happens to generate cash.

Some people build 10 different static website generators, others do bug bounties. It doesn't mean they'd go on to sell these exploits and risk going to jail.



It's not the people using HackerOne to be concerned about. It's the ones who don't use HackerOne because they realize they'd get more money on the black market.

When it comes to vulnerabilities with a large enough impact it isn't enough to learn about most of them, because all it takes is one financially motivated actor to weaponize things.


There is almost certainly no liquid black market for this bug, even though Slack is very important to lots of businesses. It had no half-life at all (the fix was one-and-done) and doesn't fit into any existing business/operational model (nobody has an infrastructure where different targeted Slack bugs are pin-compatible drop-ins).



