> Black hats are not some cartoonish sinister force
I've worked with both white hat and black hat crackers. Most black hat crackers, by an overwhelming majority, are an _very_ cartoonish. That cartoonish and mostly incompetent majority does not pay their bills, they do not protect the confidentiality of their targets or of their colleagues, they violate their agreements, and they will attack the accounts and systems of the people who have already paid them once.
Are there black hat crackers who keep their deals and their word? Yes, there are I can think of several I consider professional colleagues. They break laws, but they turn around and sell their services to vulnerable clients to shore up their defenses, and I applaud their work. I would expect them be willing to pay a modest sum for a zero-day exploit to add to their toolkit. But they're very much the exception. Go spend some time on the IRC chnnel "4chan" to get a much better sense of what the average black hat cracker is like.