In this particular case, yes. There will always be non-exploitable bugs.
The problem is that when you begin to dismiss bugs as non-exploitable (whether you've fixed them or not) and their reports as "overblown," you put yourself in the unfortunate position of only needing to be wrong once. Specifically, dismissing bug reports with the notion that the bug would never be exploitable—not because the bug is "beyond the airtight hatchway," but because no one would be dumb enough to write an application in a particularly boneheaded way discounts decades of examples of people writing software in amazingly boneheaded ways.
Whether it's true or not (and, in this case, it seems true), this is not a way to inspire confidence, and an SSL implementation needs every bit as much community confidence as it does technical correctness.