Just R'ed the FA, and my first reaction was "Bob's an idiot."
I think you might be overreacting a bit.
First, either he is using his home PC to make financial transactions for his employer, or he is taking a laptop home that can be used to access his employer's financial institution.
Fair point, but what if Bob is accessing his own, personal bank account from home?
Second, he's installing shareware/freeware on this machine, and he does it without scanning the downloaded files or researching the reliability of the publisher.
Read the article a little more closely; it specifies an infection via cross-site scripting, not a download. I don't think he can be considered an "idiot" for not researching every search engine listing for reliability before visiting the site.
Third, he uses a browser over an unsecured internet connection instead of via VPN to the company network, which should incorporate well-maintained filters and firewalls.
See point 2.
Fourth, he continues to use this browser after it exhibits strange behavior.
Again, I don't think it qualifies someone as an "idiot" if they don't do a complete system security review every time their browser crashes.
Fifth, he ignores red flags like unexplained 'Safety Pass' requests.
That's not necessarily a red flag; maybe his bank rechecks this periodically. I doubt, in that case, that most people would keep the schedule of these checks handy to sniff out any suspicious deviations.
If I discovered Bob did this when he worked for me, I'd fire Bob, no matter how much the boss on the temp agency radio commercials loves him.
Again, see point 2; companies aren't the only ones with bank accounts.