I don't understand how this is an evil flaw, its more like those public S3 buckets, uneducated or forgetful developers committing secrets to github.
The headline and intro are written as if those vulnerabilities can be used to spin up 100 servers on GCP, but when I reached to the end it was like, EH?