You realize that "attack" is possible explicitly because the protocol is private, right?
Apple can't know that it's not a legitimate communication because they don't know who you are, what device is calling for help, and who the device owner is.
And if you want to use my phone to upload a few bytes/second while I'm passing by, as long as the data isn't being stolen from an air-gapped system, be my guest.
I haven’t paid enough attention to have a strong opinion, but my assumption is Amazon isn’t talking about a couple bytes of anonymous location data, so I don’t see how the two compare.
https://www.macworld.com/article/342763/apple-opens-up-its-f...
I'm not sure how that's relevant to your privacy as a user, although obviously the tags and other trackers raise concerns around abuse.