I've noticed that within the "legitimate" Steem community of websites and applications, one will be asked for one's private keys on a regular basis, and these legit sites and apps will store (if you allow it) your keys so you don't have to provide them each time you use it.
Myself, I don't use many of these 3rd party sites but most other Steemians I've met seem to. Even so, I've provided my private keys to at least a few such legit companies/apps, and so far haven't had a problem.
This warning gives the impression that users who provided their keys to scammers, who presumably looked/acted just like all these other legit sites and apps, were greedy and/or stupid.
I bet many of them simply got a bit careless. That it happened to so many people that a site-wide warning had to be issued seems to indicate that this wasn't just a couple greedy idiots. But perhaps related to the fact that even amongst the legit sites, we're made to provide our keys often, and these sites often sound very similar, so it's easy to mix them up.
Maybe changes need to be made, because there will always be a few careless people, or instances where normally careful people make a mistake. It shouldn't be so easy for scammers to take over large chunks of a blockchain. It's not just greed and stupidity imo.