That's a bit too charitable to Apple, I think. Yes, the decision is covered by the terms of the agreement - they can do what they did. But since the result of their decision is 1) bad press and 2) increased risk of security holes, it's not "understandable" unless you think Apple is run by morons...
I think the risk is primarily bad press. It's not really a "security hole" for apps to add additional runnable code from an external website, when apps can currently contain pretty much anything at all (as long as they don't link to forbidden symbols). Remember that Apple does not see source code, and relies completely on app developers to behave, beyond a few perfunctory checks.
And Apple has made it abundantly clear that they don't care about bad PR in the security community. So there's really no downside to cutting out Charlie Miller, in Apple's eyes. The winner here is Charlie Miller's career.
I really doubt it. To be blunt, Apple is an existence proof that security on consumer products doesn't provide business value in proportion to its cost. Keeping users safe is seldom worth investing in.
That's sort of a strange thing to say considering that iOS and app store sandboxing are doing more to innovate in the security department than any other consumer device manufacturer.
