The way they describe it as an issue with free accounts seems vague and misleading. Why would _any_ account have this broad of access? Why would free ones be uniquely insecure vs official ones?

This suggests a bad actor at any institution could do the same thing done here. No?