I seriously doubt this guy was within WiFi range and needed the SSIS. There is zero point making your SSID invisible or complex when there are tools like inSSIDer, NetStumbler, or Kismet that can scan the network for a short while to show all of the current networks out there. A hidden or complex SSIS does nothing to enhance your security. The biggest problem by far is not changing the default username or password on the camera.
Why on earth do people have baby monitors anyway?
.
No, actually it does. The authentication token that the secure wifi protocol uses depends on both the SSID and password. Hackers have precomputed tables with tokens for common SSID/password combinations. If you have an obscure SSID, sure, they can see it, but it's not on their precomuputed table and they would have to (possibly write code) to try it against (a big number) of possible passwords.
Google "wifi rainbow table" for more info.
If the camera is open to the Internet, then it definitely needs its login credentials changed from the default — you are right. Not sure why you would export a baby monitor to the Internet, though.