My view on this one, as on all "Bloody journos in security outrage" threads, is that it is very silly to get furious that journalists have found the security people out. The shocking thing is that the security failure existed. The newsman didn't create it - the authority responsible for security did that. Far better that journalists find the loophole than that terrorists do - at least as long as you can believe that the Control Authority will close it once their failure is detected. We'd all like to believe that!
But if you have a culture of covering up faults, which is what you get if you blame the messenger, it is not likely that failure will be detected or corrected until the wings fall off. What would we think of an airline that covered up faults in maintenance/flight ops/training...until a crash occurred? Why shouldn't CRM principles (openness to criticism, no-blame culture etc..) also apply to security? After all, the basic idea that being open to criticism and capable of admitting your mistakes improves performance underlies amongst other things parliamentary democracy, "accountability" etc. Most security tasks outside the province of the Police are conducted by private security firms, and a company has only one real responsibility to its shareholders - to maximise profit. If you decide to make it by producing rubbish, and hoping that the customer does not notice - who holds you to account? With something like security, failure will only become apparent after the explosion. So - somebody has to put pressure on. Secrecy is a dangerous and addictive drug.