Yes, problem is contract programmer gets one chance to get it right, Hacker gets time to look for flaws. This hack happened 6 months after the original code was released, that code was peer reviewed as well. The old ways of posting buggy code out in the field doesn't stack up when millions are at risk.