Because of who the 'security' was against and when it was applied.
The server was insecure to the Russians, Iranians, and any 16 year old that figured out how to get in.
The server's data was secure against being used against her.
Had she had a secure server but never wiped it but just kept the hard drives in her basement I doubt that the Russians or Iranians would have been able to get to it.
It's like wearing a condom while tight rope walking. You're protected against *one* thing that may happen during the tight rope walk but it's not what you need to be worrying about.