The article notes that the VPS providers indicated that those top API traffic consumers were all a specific cron.php on compromised VPSes, so while in theory your statement is true, in reality the issue here was maliciously-compromises VPSes, not VPSes in general.