And would have completely failed at their intent; a robust 'insurance' policy.
I don't see any real security difference between broadcasting my data where only a few hundred arbitrary people can get it, and publishing it online. If it can be broken, and there's a significant payout in breaking it, it's fairly trivial to intercept all such banking communication through a server. If my bank's security won't protect me against anyone trying to exploit it enmass, I don't care if they publish it or not. If it will protect me from people with a significant profit motive to break it, then I don't care whether they would have to intercept it or not.
At best you have a bit more security by obscurity, which is really poor security in any event, particularly for inherently valuable information.
So far as releasing the key, they were pretty responsible. Not epicly so, but you've got to admit that standard news organizations should have policies in place to deal with encryption, etc.
What the guy at the Guardian did was ridiculous. What wikileaks did was less-than-optimal, but should have been fine if a handful of trusted clients had proved trustworthy.