It doesn't "poke a hole" in anything. The only way you get the full E2E encryption Apple talks about is if you enable "Advanced Data Protection", which none of the people in the article did, per the article. Apple could decrypt and return the data because Apple has the keys. Apple is refusing to do so.