The issue, as you might guess, is that the window exists in the first place. Someone with a still-valid login could not only spy on whatever's happening, but download videos. The same incident that prompted the change also included phantom rings in the middle of the night.
The flaw provides something of a headache for Amazon, which only acquired Ring in February. If it's going to use Ring's doorbells as part of delivery solutions like Amazon Key, it needs to know that the devices are reasonably secure against exploits like this. This is also a reminder that smart home security needs to be particularly tight -- a loose policy can easily lead to privacy violations.
Update: Ring has issued a statement promising both additional improvements and reminding users to avoid sharing login details when possible. You can read it in full below.
"Ring values the trust our neighbors place in us and we are committed to the highest level of customer information and data security.
"We strongly recommend that customers never share their username or password. Instead, they should add family members and other users to their devices through Ring's "Shared Users" feature. This way, owners maintain control over who has access to their devices and can immediately remove users.
"Our team is taking additional steps to further improve the password change experience."