I may very well run a service that my customers' bodily safety depends on the encryption of the SSL connection
If that is the case, your FMEA needs to include undisclosed vulnerabilities in your communication channel's encryption, and the mitigation can't be telling the internet your particular opinions on responsible disclosure.
I knew it was hypothetical, I was just building off my experience with this as a reality and not a thought experiment. I think that your hypothetical is useless to this conversation. The seriousness of death is a good argument tool, but using it in the context of responsible disclosure is theatrics.
Arguing for people with privileged access to the exploit to behave the way you want when disclosing it, is a lot like arguing that people with privileged access to the exploit behave the way you want when exploiting it (ie: don't exploit). When human safety relies on an encrypted channel, you have no option but to assume people aren't going to act the way you want. If you could get people to act the way you want, you wouldn't need to use an encrypted channel in the first place.
Yup. It's a great point. I do frequently mention the safety aspect in conversations about secure channels because I know that was how the importance of the work was pitched to me when I worked with a VPN provider in the past. (As a developer, but not in a role where I would have anything to do with the FMEA you mentioned. I had to look that acronym up.) I think it's a good point for people to keep in mind.
If that is the case, your FMEA needs to include undisclosed vulnerabilities in your communication channel's encryption, and the mitigation can't be telling the internet your particular opinions on responsible disclosure.