For when it was designed in the 1960's. Note that much of the system is still rooted in the original designs. I worked in that industry and it wasn't any kind of secret how terrible this 50 year old security was. A lot of the design decisions such as no support for a year (all dates are in the future with no year indicated, so limited to about 330 days out) and the PNR code itself, plus storing the data in the record (everything vanishes on the day the last leg of the flight is complete). No one in the industry wants to change anything since every part of the travel industry is dependent on nothing changing. Even if hacking becomes rampant nothing will change.