Service Pack support comes in SP1 for 7.1, and although it's a little odd to talk about the release coming after the next release as "soon," they did say summer 2011. That would resolve the Service Pack issue since it would be included in compliance reports.
Personally, I would consider this unintended behavior, but not a bug, because a system that cannot receive security updates because of a Service Pack deficiency is still vulnerable. Although the check may disregard the system because of Service Pack 2 not being targeted by the release, it should still show as vulnerable in reports.
Perhaps that's something to submit as an Idea if you feel strongly about it.