One of the requirements of PCI compliance with the credit card companies is that you don't use default passwords in any equipment tied to the card transaction.
Which makes this even more interesting. Based on the password and the fact that a paperclip is required I know the specific vendor and equipment to which the article refers, despite the authors going to great lengths to omit that information. The vendor is a big one and their equipment is involved in millions of electronic payments made every day. You could even say they are "the way to pay." In fact, they are involved in PCI certification for most production deployments involving their hardware: most, but not all, because certain deployments using default configurations do not need additional certification, just a quick verification that IP addresses and the like are properly configured.
I understand the need for a default password, but it really should be changed. That being said, the encryption keys are not accessible using that password. They are stored in a hardware module that self-destructs if you tamper with it. They can only be set in one of two secure locations both controlled by the vendor: if you attempt to use any other means to mess with the keys, bye-bye memory card that stores them. This is bad, but not as bad as it sounds at first.