Seems like an odd proposition for an attack vector. Maybe, just maybe if I make this look like a misconfigured server, maybe, just maybe, someone will grab the boost files from the server and compile them? I can’t imagine.
The open server does not have to be a deliberate attack setup. It could be compromised itself, or someone could have downloaded a bad artifact to it unknowingly. It could be someone's malware research storage (admittedly this is pretty unlikely). It's the simple fact that the provenance is unknown.
I've heard of people doing similar things before. Maybe people working in high security environments downloading libraries from random websites is common enough that some attackers are actually targeting those people by backdooring common Python packages, C++ libraries, etc. and trying to get their server to bypass enterprise blocking somehow.