The worry (and article) is about attacks that happened BEFORE public disclosure. After, it's the admin's fault straight-up. Before, nobody (basically) had any hope of detecting or stopping it.
It proves that the NSA didn't use Heartbleed for widescale private-key-harvesting attacks.
What's broken? "Everything is a file" and other traditions are ignored. Log files are no longer text files. I'll stop right there.