Re: Ask TF thread
by TradeFortress on 12/01/2015, 02:46:42 UTC
Board: Off-topic
Inputs had been penetration tested regularly, and on security-critical projects I regularly spend upwards of $5000 on a thorough pentest by professional security forums firms.
made a typo.

This is the sticking point with me. TF was smart enough to know that you can't fully secure anything, and even if you make it so hard it isn't worth it, there's always social engineering. Leaving that much sitting around was foolish, and I don't think he's a fool. Maybe I'm giving him too much credit, I don't know.
Yeah, I don't have any explanation other than (i) laziness (the system wasn't set up to make sending to cold storage easy, and it had to be performed manually), (ii) wanting to keep sufficient amounts on the server so nobody worries/panics, and (iii) about 1500 BTC was deposited within 48 hrs of the hack.

The later systems I've built do make sending to cold storage easier, but for the most recent site it was still a manual process. I intend to do automatic cold storage transfers (hourly cronjob) for my future projects.
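An added example, not TradeFortress's code, of the scheduled sweep policy the post describes: everything above a fixed hot-wallet float is moved to cold storage each time the job runs, and a small simulation shows how the sweep interval bounds the amount exposed online. The float target, minimum sweep size and hourly flows are constructed values.

```python
"""Hot-wallet sweep policy: cap what an online wallet holds by moving the
excess above a target float to cold storage on a schedule (e.g. hourly cron)."""
from decimal import Decimal

FLOAT_TARGET = Decimal("50")  # BTC kept online to service withdrawals (assumed)
MIN_SWEEP = Decimal("1")      # skip sweeps smaller than this, to avoid dust txs (assumed)


def plan_sweep(hot_balance, float_target=FLOAT_TARGET, min_sweep=MIN_SWEEP):
    """Amount to send to cold storage right now; 0 when nothing needs moving."""
    excess = hot_balance - float_target
    return excess if excess >= min_sweep else Decimal("0")


def simulate(flows, sweep_every=None):
    """Replay hourly net deposit/withdrawal flows through the hot wallet.

    sweep_every=None models the manual process (the sweep never runs).
    Returns (peak hot balance, total swept to cold storage)."""
    hot = swept = peak = Decimal("0")
    for hour, net in enumerate(flows):
        hot += net
        if sweep_every and hour % sweep_every == 0:
            amount = plan_sweep(hot)
            hot -= amount
            swept += amount
        peak = max(peak, hot)  # exposure is measured after the sweep runs
    return peak, swept


# Constructed sample: seven hours of net flows in BTC (negative = net withdrawals).
FLOWS = [Decimal(x) for x in ("40", "-10", "75", "120", "5", "-30", "200")]

if __name__ == "__main__":
    for label, every in (("manual (never)", None), ("every 6 h", 6), ("hourly", 1)):
        peak, swept = simulate(FLOWS, every)
        print(f"{label:15s} peak online {peak:>6} BTC, swept {swept:>6} BTC")
```

The same inflows leave 400 BTC online when no sweep runs, 230 BTC at worst with a six-hour sweep, and never more than the 50 BTC float with an hourly one.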