You shouldn't be charged for unauthorized requests to your buckets. Currently if you know any person's bucket name, which is easily discoverable if you know what you're doing, that means you can maliciously rack up their bill just to hurt them financially by spamming it with anonymous requests.
lol dude, I’ve known several people who have worked at AWS for years, and the amount of duct tape and bailing wire Mickey Mouse shit that I’ve heard goes on there just… does not inspire confidence.
Yeah in my last role we were probably the biggest user of a certain storage service that was still kinda new, there were quite a few times we found bugs, features that straight up didn't work how the documentation stated, and aws sent us workaround scripts that seriously looked like an unpaid intern wrote.
I'm not sure if GCP/Azure would be much different though.