If the user didn't put it there, it's hidden. Nobody routinely inspects the detailed configuration settings of their backup system, especially when it does appear to be working if you see it transferring data to the cloud and spot-check a file or two.
Any addition to the exclusions list that wasn't added by explicit user action is a hidden change and a data loss bug.
At some point the user is responsible for verifying their backups, right? You can’t just buy a product, login, and close your eyes.
I’ve witnessed my parents’ Time Machine backups (the simplest backup system of all time) sitting stale because they unplugged the hard drive. They are ultimately responsible for paying attention to the little icon that tells them that the system is overdue for a backup.
I agree that there might be a bug if the exclusion list was modified without user intervention, though I don’t think this blog post convinces me that that’s guaranteed to be what happened. For all we know the author just didn’t notice this exclusion before.
And, again, I think excluding OneDrive and Dropbox is sensible. Most users are not intending to duplicate those backups.
Any addition to the exclusions list that wasn't added by explicit user action is a hidden change and a data loss bug.