Yeah.... I, for one, totally don't expect them to spend a bunch of extra work figuring out if something is a security problem. But I DO expect them to pass along if it's a confirmed security issue if they already know about it. Deliberately obfuscating that information only hurts me. It can't possibly help. The ONLY thing it "helps" is that people get less pissed about security holes.
Having the same number of actual bugs, but being less aware of security holes, is actively dangerous. I consider it egregious behavior to deliberately mislead people about the nature of security fixes.