How could they possibly prove that you "know" of a bug and didn't report it!? Are they mind readers? Are they just going to assume that anyone who just happens to unwittingly be within close proximity to a bug exploiter that he/she is completely aware that there is an exploit going on? This is just beyond stupid.
Maybe they are trying to hold onto that "Worst Company" title.