May I indulge in a bit of devil's advocacy?
Think back to when Stuxnet and Flame were believed to have been developed and deployed. Iran was alleging that their nuclear program was making impressive strides, and Israel was threatening military action to put a stop to any such advances. In the immediate term, Stuxnet and Flame spared Israel from having to risk pilots and aircraft, as well as the lives of the Iranians attending to these facilities.
That's kind of small potatos, though. Consider the larger backdrop, on which these events occurred. In 2006, NATO was attempting to ramp up operations throughout Afghanistan to cobble together some semblence of stability, and Iraq was an utter shambles (this was the year of Abu Ghraib and the fall of Anbar Province). Israel needed bunker-busting weapons from the United States to carry out their proposed attack on Iranian nuclear facilities, something which could have easily drawn Iran into the conflicts in Iraq and Afghanistan, potentially tipping the balance against the occupying forces or drawing those conflicts out much, much longer than they otherwise would have lasted.
Doing nothing wasn't necessarily a much more appealing option than the military strike. Power in the Middle East has always been balanced on the head of a pin. A nuclear Iran poses a serious threat to regional stability, if only because their possession of a nuclear deterrent may serve to free up their conventional forces for offensive operations. Setting aside the rhetoric of driving Israel into the sea, Iran has an ongoing dispute with Iraq over territorial waters in the Persian Gulf, and Iran, even without nuclear capability, has poked its nose into Iraqi territory, since the 2003 US invasion, going as far as to sieze part of the Al-Fakkah oil field for three days at the end of 2009.
When you consider the context, some electronic espionage does seem like the much more appealing option.
That's not to say that there aren't disturbing technological, societal, and political implications. Before proceeding with this style of sabotage, whoever is at the helm needs to carefully consider the consequences of his/her bug getting out into the wild, as it almost inevitably will. That being said, by the time such a bug gets into the wild, as we're seeing with Flame and Stuxnet being discovered five-plus years after they're believed to have been deployed, it's probably done its job, and security software developers will fairly quickly move to limit any collateral damage. Even in the worst case scenario of an espionage-grade piece of malware getting loose and going totally undetected or unaddressed, technology will eventually march past it, providing newer hardware and software standards, with which the malware will not be able to interface.
I'll grant, that's cold comfort, but espionage and warfare are rarely undertaken because they're a desirable option; they're undertaken because they're the least undesirable option available. Electronic espionage/warfare doesn't look like it's really any different. Stuxnet and Flame may have served to save quite a few lives and prevent further deterioration of the Middle East, during a very volatile period.
