Hi, as someone who also worked for a company which was working for Centrelink at the time (not involved in PLAID), I have to admit that I admire the development of PLAID, because the commercial products available were rubbish and "security agencies" such as NSA and DSD were not helpful in this regard. A significant gap in the way that smart cards which were being used for access control, such as building security, worked was found, and an attempt was made to remediate this.
Protocols evolve over time to either become better or reveal the fact that they are fundamentally flawed. SSL was not written by cryptographic experts; it was created by Netscape, and it has evolved over time to secure a significant percentage of Internet transactions. PLAID exists because all of the available security products in this space were fundamentally broken, and PLAID was an attempt to fix this problem. During the time since this protocol was created I've watched the various debacles with a number of proprietary commercial smart card products used in public transport. I would hope that PLAID will evolve over time, with the assistance of interested parties, to be an open protocol which provides a solution in this problem space.
One criticism of this appears to be that a department which spends billions of dollars on ICT infrastructure should engage in the development of a product when there is an identified gap in the market. The spend in total was in the hundreds of thousands of dollars, so in reality the project was done on a shoestring; it's not surprising that there are flaws.