I think the response to that is best summarized as **YAWN**.
One of the basic tenets of attacking security is that it works best to
attack the things that you know a remote system will allow. The
bailiwick system is *OLD* tech at this point, but is pretty much
universally deployed (in whatever forms across various products), so
it stands to reason that a successful attack is likely to involve
either in-scope data, or a bug in the system.
The fact that this was known to be a cross-platform vulnerability
would have suggested an in-scope data attack. I thought that part was
obvious, sorry for any confusion.