The issue, as you might guess, is that the window exists in the first place. Someone with a still-valid login could not only spy on whatever’s happening, but download videos. The same incident that prompted the change also included phantom rings in the middle of the night.
The flaw provides something of a headache for Amazon, which only acquired Ring in February. If it’s going to use Ring’s doorbells as part of delivery solutions like Amazon Key, it needs to know that the devices are reasonably secure against exploits like this. This is also a reminder that smart home security needs to be particularly tight — a loose policy can easily lead to privacy violations.