Seems to be really about misconfiguration and serving as a reminder for developers to check permissions on AWS buckets. While some data is obviously stored in public bucks for a reason, it's clear that much of the data Rapid7 was able to find in the "open" buckets was not intended to be made available to the public. It's not a security flaw with AWS, but an administrative oversight really, but at least a good reminder for everyone to go check their buckets :)