In the blog post, Daniel does discuss why that is a heavy handed approach:
People mention charging a fee for the right to submit a security vulnerability (that could be paid back if a proper report). That would probably slow them down significantly sure, but it seems like a rather hostile way for an Open Source project that aims to be as open and available as possible. Not to mention that we don’t have any current infrastructure setup for this – and neither does HackerOne. And managing money is painful.
Add a submission fee that gets refunded as part of the bounty payout, or if the reviewer otherwise judges the submission as obviously legitimate.
Donate all fee proceeds to charity, if you want to counter the any incentive to deny submissions for financial gain.
Oh that is a surprisingly good idea actually.
In the blog post, Daniel does discuss why that is a heavy handed approach: