Two more inductees into the Security Hall of Shame. Honestly, I could devote a whole blog to this sort of thing. Perhaps we should start a Security Hall of Shame blog similar to Steve Friedl's No Dashes or Spaces Hall of Shame.
The most annoying part of this sorry spectacle is that when these sites are inevitably compromised they will whine about the evil, but brilliant, “hackers” who somehow overcame their defenses when the truth is that they got owned by a bunch of script kiddies. Security is devilishly hard to get right but that's no excuse for just being stupid about it.