The signature database is where they'll get more money from. However, this is still bad for them. It gives people the chance to look through the code for vulnerabilities and it allows competitors to look at any techniques they're using. But the worst part is that they're a computer security company that couldn't keep their source code secure. Clearly, accidents happen even when one has the best policies and such in place. Sometimes it's merely chance as opposed to an indicator of something in a statistically valid way. However, it's still embarrassing. I don't find that there's a lot of testing of the efficacy of anti-virus software out there and so purchases are partially made on faith (would love to know if I'm wrong here since I'd be interested in the results). Anyway, as a purchase made partially on instinct, this makes purchasers feel less happy in their gut (so to speak).