If you were designing something illegal and profitable, would you use a third party's site to control your system? Why would you give them the power to shut you down? It's not like it's hard... The messages follow a pattern. They have to be easy to find.
Traffic from random IPs will be spotted and investigated.
C&C over a known service like Twitter, Facebook, etc. is not -- I'd be more likely to assume it's legitimate traffic and not investigate.
What's really surprising is that the bot authors didn't even make a naive attempt to disguise its purpose. Perhaps that shows that this C&C pattern works really well and is not often detected.
