It's not as simple as "badly-tested code" - it's actually "badly-designed deployment procedure and insufficient oversight".
TFA is light on details, but other articles have picked up the details and explained them a bit better: basically, Knight Capital were running their code on a cluster of 8 nodes.
They used a flag to signal a module to run. A particular module had been out of use for some years, so the flag to signal that module was re-used for a new module.
With me so far? OK, this is all very nice. Except when they updated their cluster, one of the nodes was missed. It still had the legacy module on there.
From this point on, their cluster was a disaster waiting to happen. Once the flag was triggered, all 8 nodes did exactly what they were supposed to do based on the code they were running - but because one of them was out of sync with the code it was meant to be running, it did something else entirely. Everything else cascaded from there.
It would have been relatively trivial to add some sort of oversight to the system so as to stop it fast if what it was doing versus what it was meant to be doing were two different things - but Knight didn't do this.