Whenever I hear the Republicans whining about how incompetent government is, I think to myself that big private companies are just as bureaucratic and incompetent. But then things like this and the initial ACA website launch happen to prove that yes, government really is even more incompetent than big business.
While this does sound rather incompetent, A) it was probably written by a big private company, since our government uses contractors far more than it uses actual employees for most projects like this*, and B) there are insufficient data points to show that big private companies are any more or less secure, when dealing with similar data. Anecdotally, I'd guess private companies are just as bad or worse, or at least would be without regulations like HIPAA to force them to improve.
* I didn't RTFA and if it states this system was developed wholly by in-house staff I stand corrected. And also we should probably raise taxes so we can afford to hire competent in-house staff for our government.