From 2.4 changelog:
Changed the storage of backup files from the plugin's directory to the uploads directory. Also added a .htaccess file for security.
Well, you moved from the plugin's directory to the uploads directory, that's true. But at least at my test site the directory is created, the backup files too, but not .htaccess file was created. So the directory is completely unprotected and accesible by the world.
By the way, I feel that uploads directory is not the place for something that it's not an upload, and can produce some problems. For example, in this case (no .htaccess was created) the content of the backup folder can be indexed because is in an unprotected directory that is allowed to crawlers.
If the backup directory was in wp-content/ instead o wp-content/uploads/, it would be more safe. And if you add some random part to the directory name, for example "aiowps_backups_d2G5" instead of the actual "aiowps_backups" much better too.