> "[Action Advised] Review Google Cloud credential security best practices"

  > (Although I don't think this even addresses the underlying issue)

sounds like they want to have customers be responsible instead of fixing it themselves ...