It's worth pointing out that the case study is from 2007, there's a good chance that this company is no longer involved and likely wasn't involved in building the API for apps and the security on them.
To be fair, the complete security failure outlined in the article is at the app level and not something I'd expect most IT departments to bear responsibility for (unless they were directly consulted about how good of an idea using basic auth with hardcoded credentials is and gave an OK on it).
Of course, I wouldn't be too surprised if the app/API here were also outsourced to a low fixed price development shop.