Kurt Wismer at antivirus rants posts a thoughtful follow-up to my benevolent bots post. He probably does a better job than I did explaining the risk of this "benevolence." I agree entirely that as soon as you perform some operation with the bot, either taking advantage of its native capabilities or dropping a new executable on the compromised system, then you are no longer benevolent.
What is more interesting to me is how you might use the passive takeover of a control server (the way F-Secure and the German researchers did) to further security. So this is more like a detection mechanism that may then communicate with a responder that is authorized on the same client.
For example, Symantec could intercept communications at the botnet server level through passive takeover (I don't support actively hacking a botnet server unless given explicit authorization by some authority) and then either set up its own version of a "real-time blackhole list" for compromised clients and/or communicate with those clients it has an agent on to respond to the problem.
This still doesn't eliminate the problem of false accusation should someone replace a botnet server…
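A sketch of the detection-then-respond flow described above, as an added example that is not part of the original post or any vendor's code: check-ins observed at a passively held control server become a time-limited blackhole list, and listed clients are split into those with an authorized agent to notify and those that can only be listed. The log format, agent inventory and zone name are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import IPv4Address

# Constructed sample: "timestamp client-ip" check-ins logged by a passively
# taken-over control server (format assumed; documentation address ranges).
SAMPLE_CHECKINS = """\
2009-01-20T10:00:00+00:00 192.0.2.10
2009-01-20T10:05:00+00:00 192.0.2.10
2009-01-20T10:06:00+00:00 198.51.100.7
2009-01-18T09:00:00+00:00 203.0.113.5
2009-01-20T10:07:00+00:00 not-an-ip
"""
AGENT_CLIENTS = {"192.0.2.10"}  # hypothetical: clients running an authorized agent
ZONE = "bots.example.invalid"   # hypothetical blackhole-list zone


def parse_checkins(text):
    """Yield (timestamp, IPv4Address); malformed or timezone-less lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            seen, ip = datetime.fromisoformat(parts[0]), IPv4Address(parts[1])
        except ValueError:
            continue
        if seen.tzinfo is not None:
            yield seen, ip


def active_clients(text, now, ttl=timedelta(hours=24)):
    """Map each client to its latest check-in; entries older than ttl expire."""
    latest = {}
    for seen, ip in parse_checkins(text):
        if now - seen <= ttl:
            latest[ip] = max(seen, latest.get(ip, seen))
    return latest


def dnsbl_name(ip, zone=ZONE):
    """DNSBL convention: the address's octets reversed, prepended to the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def plan_response(latest, agents=AGENT_CLIENTS):
    """Split listed clients into (notify via agent, list only)."""
    listed = [str(ip) for ip in sorted(latest)]
    return ([ip for ip in listed if ip in agents],
            [ip for ip in listed if ip not in agents])
```

The expiry matters for the listing side: a client that stops checking in drops off the list after `ttl` instead of staying accused indefinitely.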