It seems Google was slightly annoyed that the bug was made public in a blog (and then escalated to Digg) without them being notified. Google, maybe you should make sure you reply to all of your emails so people will be more proactive in writing to you? About 1 in 2 of my emails to Google – including the last one where I've told them about a security flaw – stay unanswered.
Here's another recent XSS-related security bug report (this one via Pd). Look at the telling disclosure history:
IV. HISTORY 30th Jan, 2006 - Bug originally discovered 2nd Feb, 2006 - Vendor Notified ... ... No vendor response ... ... 22nd Feb, 2006 - Vendor Notified again 22nd Feb, 2006 - Public Disclosre
>> More posts