The key words being "may be." The fact is that a bunch of kids working for an essentially unofficial department of the government were given root access to all sorts of systems with no oversight. We simply have no idea how deep the damage goes.
You seem to have a different definition of hyperbole to most people. I think everyone here understands the security implications of physical access to a server, the protocols that are usually put in place surrounding that and the reasons for them being there. The servers gave been compromised. We know that. To downplay the dangers of that surely makes someone guilty of the kind of misrepresentation that you're concerned about
