There's no one-size-fits-all solution. I've made the argument for informed disclosure here in the past, but in this case it probably wouldn't work. The DTLS code is so small and self-contained and the code so obvious to an auditor that just saying that there's an exploit in DTLS or to compile without heartbeat is probably enough to give the blackhats a running start. But there are other situations where informed disclosure is better than responsible disclosure.
Did Google do the right thing here? I'm not sure, but it's not completely clear that they didn't. There are several factors that bridge the gap between the theoretical ideal and what can work in every situation in the real world.