Right in the summary: "This provides strong evidence that at least for those time periods, no attacker with prior knowledge of Heartbleed conducted widespread scanning looking for vulnerable servers. "
So you are correct about what it doesn't prove, but, its also not really claimed to prove that either. Not even a little bit. What this does, is suggest strongly (not prove) that no criminal gangs (yes, yes, the NSA) were aware of it, or if they were, were not aware of it long enough to exploit it meaningfully.
If the vulnerability were available, if even one person bought it, they would have to use it. What I mean is, if you know this vulnerability can be bought (because you bought it) you know that its out there and its only a matter of time before it gets noticed and fixed.
The only person who has any reason to not use it or use it in a discriminating fashion, is someone who discovered it independently and wants to get maximum use out of it. Someone like the NSA.
This, in no way, proves that nobody knew about it. What I think it does prove is, whoever may have known about it, wasn't selling it and wasn't a memeber of one of the for-profit gangs. That is all.