I have seen many companies getting hacked through vulnerabilities that had recently released exploits, while I was working with an incident response team. I believe in most case the CVE was available for some time before the exploit code was made public but no one was aware of the CVE and its implications so they didn't apply the patches. I don't think the researcher is inviting trouble but once the exploit becomes public there is a greater chance of the vulnerability being actively exploited.
Shameless plug: I've been working on a project called https://hacktrack.info, that lets the user track the software they use and get an email alert when new CVEs are released for their stack.
I am working on https://hacktrack.info a SaaS that alerts you when a new CVE or exploit is published for the software you use. The idea came to me while working on an incident response team, where I noticed that many companies were hacked due to using software versions affected by recently published CVEs or exploits. Most of the similar solution I know of are really expensive or part of a larger product suite.
Like others have mentioned, immersion was a key factor. I also read from Practical Vim by Drew Neil[0] every day and created a bunch of type in the answer and cloze deletion Anki cards with the different commands.
[0] https://pragprog.com/titles/dnvim2/practical-vim-second-edit...
Shameless plug: I've been working on a project called https://hacktrack.info, that lets the user track the software they use and get an email alert when new CVEs are released for their stack.