The summary is that either you attack a very reduced round variant and you get "practical" complexity for the attack, or you attack almost a full round variant and you get an entirely practical attack.
So I think your interpretation of the subtext is entirely correct.
> Unlike SHA-1, SHA-2 algorithms aren’t broken and are unlikely to ever be.
There's also the fact NIST themselves deprecated SHA-1 in 2011 (https://csrc.nist.gov/news/2017/research-results-on-sha-1-co... not mentioned, but otherwise nice timeline here: https://crypto.stackexchange.com/a/60655), yet SHA-2 is still OK. Wiki has a table of cryptanalysis of SHA-2: https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_valida...
The summary is that either you attack a very reduced round variant and you get "practical" complexity for the attack, or you attack almost a full round variant and you get an entirely practical attack.
So I think your interpretation of the subtext is entirely correct.