Having worked in that industry, it's very common for them to be on the same network as Windows PCs. As for the default passwords, that's their own fault.
The reason they have to be on the same network as PCs is both:
1) The software to program and monitor PLCs are on Windows (made by Siemens, Rockwell Software, WonderWare, were the big names when I was in the industry 10 years ago), so it makes sense to have them on the same network so they can communicate with the PLC while it's online and see the logic operations in real time.
2) The biggest reason is that PLCs communicate with visualization software that runs on Windows (also made by the same companies as above), that can be viewed from a central location. This allows the production line manager to visually see the operations of the machines in a nicer format than looking at the raw logic bits. The visualization software can display shapes, colors, diagrams, animations, etc of the production line with real-time data about what's happening.
So yes, these PLCs are usually on the same network as Windows PCs. Ideally it's a private network with just the PLCs and the visualization/programming/monitoring PCs, but many places are not that strict about the network separation.