First off I'd just like to say that I think people are jumping to conclusions based on what they're guessing is available to PE customers - which is understandable as you can't see the knowledgebase. Suffice to say, most of the information is generated to help PE users, and speed up our handling of trouble tickets/common errors - I've said it before, there is no intenet to "firewall" important content in PE - if it's important it's in public, if it helps PE users fix errors without having to search the forums/gemini/blogs it's in the knowledgebase.
I agree with you that the knowledgebase is not the prime driver for PE adoption -most organisations appear to value the support system (and it's SLA's) and indemnification most, with the PE extensions next, followed by the knowledgebase.
"seriously, you're withholding vulnerability information?" - nope, we don't withhold any vulnerability information, not sure where you get that idea from. PE customers get proactive security emails (i.e. they get emailed if a release has security implications) and get a PE extension to read vulnerability details (and will gain access to one that is searchable) - all of this information is clearly available via the blogs/security blog rss feed/security.dotnetnuke.com bulletins, but the added value is in the proactive nature of the alerts we deliver to PE customers.
Please note, API/database documentation is something that PE customers have asked about, and I fully expect it to be worked on in the near future - as this will come in the form of code based xml-documentation and (presumably) database schema descriptions - the paid effort that will go into this will once again be available to all.
Cathal