Seems like a fair summary would be that since they don't offer any truly secure services (e.g. e2e encryption), there's nothing that this law could require them to subvert. Turning over an individual's account data pursuant to an Australian issued warrant was something they were already doing, and nothing about that has changed under the new law.