But in another part of the statement it says "We stole no bitcoins. There were none to steal.", which seems to contradict them having ~1 million BTC.

The balance may have been obtained from the logs, rather than from actual funds stored in the wallets.

It's a DB dump, so this is exactly what it is.

If they had the public keys to all Mt Gox's wallets whey would be able to check them for funds, but there would still be questions about who controlled the wallets and if they had found them all so it would still not be proof of fraud (but the more evidence collected the more likely there will be something confirm-able discovered)

It appears the hackers think it is a lie because all public statements I remember seeing and even the leaked "resurrection" plan talk about 0.7M BTC.

There has been talk of a Wally trading program which is said to have be run by Mt. Gox to profit from the price imbalances. If this is true then the 200k might be Wally's account. Which would explain why Mt. Gox does not consider it real liabilities.