For example, if the CIA finds an exploit in a wireless router made in China and sold all over the world, that hole can also be found by others and used against targets in the United States.

Is being able to hack others worth letting ourselves get hacked?

The answer to this for me is a clear no. What I was more questioning is given the CIA's role and job, I don't think it's necessarily their responsibility to do it. We're talking about a government agency who's purpose is to collect information about potential threats against the US, they have no reason to want to make that harder on themselves.

If you want to debate changing the role of the CIA, and if or if not it should exist, that's a different set of questions. But given what their job is, why would they want to turn that funnel of information off? It's not in their interest to do that.

I want everything to be hyper secure on the internet, but I also know that there are threats against the US (some created because of our actions) which the CIA is responsible for trying to keep an eye on.

A similar question: is it worth being hacked so that we can know that there is an imminent attack coming against some US interest?

EDIT: I know that the CIA is responsible for some really ugly things in the world, I'm not defending any of those actions. I'm speaking more of what their theoretical function is and what responsibilities they have in disclosing some of this information.

However, the CIA is still a part of the US Government, and as such it still should have a responsibility to work towards outcomes that are best for the US overall. When this appears to be in conflict with their direct mission, in many cases the correct response should be to punt the decision upstairs.

You wouldn't expect the US Forestry Service to take decisions harmful to the overall country even if it made their direct mission easier, would you?