Clearly you are not a developer. All you would have to do is create webpage which when you pass it a certain variable pops up a form to upload something and run it on the server. The webpage does a legitimate task (registration for instance) but if you access it with webpage.php?action=registers instead of webpage.php?action=register it jumps to a separate section and allows you to upload a file etc. Even if someone were to give the site a once over it would be hard to pick up. To make it even more secure you can have it check for a cookie or originating IP address so that if someone else tries it, it will ignore it.
Developers have access to very sensitive stuffs, there is a very high level of trust that the developer is not going to do what this guy did. Firstly they are expensive to hire, what they produce can only be understood by another developer, so just having the code double checked (properly, not just a quick look) will almost double your costs, so it's rarely going to happen.
I'm not sure about other countries, although I imagine it's pretty much the same everywhere, but any financial institution here does a full background check before they will hire you. Any criminal record and you won't even get an interview. Bad debt is almost as bad, if you are black listed don't even bother applying. Sometimes they will make an exception for black listing, depends on the situation, but in all my years I have only heard of one.