Love the cloud, they fell for the hype.
So, they use it because their managers fell for it too. Thing is, the cloud providers generally DO provide a little protection against unauthorized access. Sometimes it's even fine-grained.
So, beginner developer finds he can't access his cloud-based data and starts turning off the various protections till it starts to work. Now, he gets one with whatever development he was doing - never turning back ON the ones that weren't his problem.
I'd be real money this is why we see so many breaches of various cloud buckets - AWS getting the most because they have the most.
I've seen this "coding at the tube till it compiles or quits crashing" all too much - and it was highly discouraged at the outfit I ran...as in you'd better be in the habit of making a plan first, and actually understanding what each thing means before you do real work, or else.
Lo and behold, these sorts of things just didn't happen to us. We forced people to spend time on toolmaking (BITE and automation stuff), and writing tests that would definitively show just what settings were required, what apis to use and so on - only then was production code even designed.
Then you could give it to beginner morons with inflated CVs to just code...and be almost safe.