It might have been good that it was indexed by Google so that the problem was found quicker. Completely agree about how can cleartext be allowed. Harder to regulate overseas, but would it be possible to have an actual law in the USA against storing passwords and other confidential in cleartext? There are various consumer protections such as food, cars, toys, and could similar things be legislated for data?
PCI isn't law, it's the product of an industry group, and is arguably more about the protection of the networks and issuers than consumers.
There is even less guidance and specific regulation pertaining to the encryption and security of banking records. The audits and regulations that are in place are more about overall controls than technological measures.
Yes, my impression is that passwords are not treated with the same seriousness as say credit card numbers, or health info. That (passwords) was actually what I was curious about, before I generalized my comment.