Let me see if I get this right...
So,
1. some people publish unsecured content,
2. use an URL shortener on the URL, and
3. believe that this protects the content they published.
Could somebody remind me again why these "researchers" think that the actual vulnerability is in the URL shortener? Just because they fail to keep the long URL "secret"?
Sure, go ahead and encourage stupid internet users to stick the blame on others when they're too dumb to protect their content because they have no clue about the hosting service they're using.
"We have to put our stuff on the internet." -- "Why?" -- "Don't know, the article didn't say that."