It does if you consider it from the point of view of a. Someone went out of their way to design this API so as to allow this or b. A team of individuals deployed it without realizing how it would be exploited
You can generally learn things from a breach, but finding and remediating systemic issues like those mentioned above is a big ask
Edit: I either responded to the wrong comment or misunderstood what you said. It’s late in the day…