>They might just keep quiet and pretend there was no security breach, instead of doing the proper thing and renewing the certificate. If you know they paid upfront, you can be more sure that they will take advantage of the free renew upon a security breach.

This is the point that I'm not so sure about. I know there are plenty of people running SSL certs (from any company) that have no idea what Heartbleed is, let alone what 'certificate revocation' means or why they'd ever do it.