The question the OP poses is a valid, legitimate question, in light of the "sharing is caring" Core Value most of us here have. If you have something others are interested in, why not copy and share and let's all be happy?
We can only guess at the real reasons;
1. Because of the dirty p1rat3s!
You can seriously question the validity of this reason on the 3DS platform. On the PS Vita for example, it would absolutely be a valid reason as there is zero piracy on it (save for the previous-gen emulation sandbox). Firmware <= 4.5 3DS XLs are still available today, new in box, at certain retail locations (think pharmacy chains), if you include regular 3DSes and include the 2nd hand market there are many more. People that want to use self-made copies, can and will.
2. Because of the *cough* dirty p1rat3s *wink* ... but only because I'm afraid The Corporates will come after me!
This, unfortunatly, is not without precedent. Even if you take proper care to release it anonymously (e.g. use a public WiFi hotspot outside of CCTV view with your favourite anonymizing linux live-stick), devs seldom develop vulnerabilities into exploits in absolute solitude and have collaborators, testers, etc. that may roll over for a wad of corporate cash and/or legal threats.
3. Because it's not ready yet.
Tinkering with internals that you do not understand 100% or are part of a chain of trust may lead to bricks (just think back how many PSPs were (semi)-bricked before Pandora came out, developing Custom Firmware). A good dev will try to take all circumstances into account they can think of and make it as idiot-proof as they can before release, because there are noobs who mean well, just do not (yet) know what they are doing. The drop-back to RealNAND when trying to update EmuNAND when not first setting up your Internet settings correctly is one of those situation you'd prefer to avoid. Doing It Right takes time.
4. Because Ninty will block it.
But that will likely happen anyway. The only reason this would stick is if you expect a big bundle deal coming up, with a mega-title included, ensuring plenty of available stock outfitted with your vulnerable firmware. But after that, the next bundle will come, and the next one after that.
5. Because I'm going to use the one exploit I currently have to find a couple more, as insurance against being locked out in a future update.
This is indeed always a likely outcome, and taking up insurance is in fact Best Practice amongst console reverse-engineers. For 3DS it's even more complicated, as you need both complicated userland exploits and kernel exploits. If Nintendo releases firmware 8.1.0 and blocks all your user-land exploits, your kernel exploits are useless until you find another userland.
6. Because the current hack is not "deep" enough.
The holy grail is to patch at a very low level in the chain of trust and be free of everything at higher levels, and hopefully in such a way that it cannot be fixed with a firmware update. For PSP, that was the IPL (boot0?) which did away with sigchecks completely.
Etc. etc.
We can only guess at the real reasons;
1. Because of the dirty p1rat3s!
You can seriously question the validity of this reason on the 3DS platform. On the PS Vita for example, it would absolutely be a valid reason as there is zero piracy on it (save for the previous-gen emulation sandbox). Firmware <= 4.5 3DS XLs are still available today, new in box, at certain retail locations (think pharmacy chains), if you include regular 3DSes and include the 2nd hand market there are many more. People that want to use self-made copies, can and will.
2. Because of the *cough* dirty p1rat3s *wink* ... but only because I'm afraid The Corporates will come after me!
This, unfortunatly, is not without precedent. Even if you take proper care to release it anonymously (e.g. use a public WiFi hotspot outside of CCTV view with your favourite anonymizing linux live-stick), devs seldom develop vulnerabilities into exploits in absolute solitude and have collaborators, testers, etc. that may roll over for a wad of corporate cash and/or legal threats.
3. Because it's not ready yet.
Tinkering with internals that you do not understand 100% or are part of a chain of trust may lead to bricks (just think back how many PSPs were (semi)-bricked before Pandora came out, developing Custom Firmware). A good dev will try to take all circumstances into account they can think of and make it as idiot-proof as they can before release, because there are noobs who mean well, just do not (yet) know what they are doing. The drop-back to RealNAND when trying to update EmuNAND when not first setting up your Internet settings correctly is one of those situation you'd prefer to avoid. Doing It Right takes time.
4. Because Ninty will block it.
But that will likely happen anyway. The only reason this would stick is if you expect a big bundle deal coming up, with a mega-title included, ensuring plenty of available stock outfitted with your vulnerable firmware. But after that, the next bundle will come, and the next one after that.
5. Because I'm going to use the one exploit I currently have to find a couple more, as insurance against being locked out in a future update.
This is indeed always a likely outcome, and taking up insurance is in fact Best Practice amongst console reverse-engineers. For 3DS it's even more complicated, as you need both complicated userland exploits and kernel exploits. If Nintendo releases firmware 8.1.0 and blocks all your user-land exploits, your kernel exploits are useless until you find another userland.
6. Because the current hack is not "deep" enough.
The holy grail is to patch at a very low level in the chain of trust and be free of everything at higher levels, and hopefully in such a way that it cannot be fixed with a firmware update. For PSP, that was the IPL (boot0?) which did away with sigchecks completely.
Etc. etc.