I suspect every organization is as secure as its least secure/capable decision maker.

It's a scary thing as all you have to do is add one decision, one ignorant person and it's bad news.

I've worked in orgs where we made big leaps in security, very proud of our work. Then one ignorant person who had the authority made a decision with no valid benefit to anyone, completely compromised everything.

Seen it time and again.

Not sure if that was the case as far as the credentials went in this situation, but it always seems to be the human element as far as curious choices goes.