[mjmas]

It does note that it only protects against an attacker "who learns the cloud-init user-data at any point after the script terminates".

If the attacker can get the cloud-init user-data while the script is still running (in the time between sending the cloud-config.yaml and connecting with SSH to the machine) that would still allow MitM, but would require more effort on the attacker's part to leak the cloud-init data.

The point of the script was that leaking the cloud-init data after the script has completed is harmless.

[projektfu]

Yes, I'm just saying if you think you've set up a server with Hetzner, but Smersh is able to intercept your first interaction with it and present you a server that you think is the one you created, then it doesn't matter how much you try to harden the compromised server. But if you get MITM later in the the process, the above is the scenario you are worried about.