My biggest problem with S3 is the old multi-layered security model with bucket policies and ACLs. They need to update it to just use IAM like everything else.
That's ridiculous. AWS provides infrastructure and tools, it's up to developers and companies to properly deploy them and implement the appropriate security.
Oh please. AWS can get super-complicated but, especially with the latest console updates, you really have to try to make S3 buckets public. There are good reasons for public buckets; I use them. At this point if you're kicking people, it really is on the developer (or the management of their app dev organization) if they make S3 buckets public "accidentally."
I would like to see more sense of responsibility from AWS for these leaks rather than blaming the users.
It’s bad usability.