Post
Topic
Board Service Discussion
Re: Instawallet claim process
by
ab8989
on 05/04/2013, 07:40:39 UTC
There is a significant difference in the relationship between Bitcoin Central and its customers as opposed to Instawallet and its customers. Bitcoin Central did have an authentication system, which did provide their customers with more protection. In the end Instawallet users lost their bitcoin to a database hack; BTCentral was just running on the same servers. Many users made a well-reasoned decision to stay away from Instawallet and still used BTCentral.

We do not know anything about how the hack was done. You do not know whether the authentication played any role in this hack. It is not like the lack of wallet authentication on Instawallet gave anybody instant and full access to the underlying database and server root.

Let me just write out one possible scenario out of millions of other possibilities. Maybe the flaw that the attackers used to get access to the shared server and Instawallet database was originally on the Bitcoin Central side and it was Bitcoin Central that was hacked first. It is also possible that hot-wallet funds and databases from both services were lost; it just makes more sense for them to admit one loss of funds instead of two and pour everything on Instawallet users to bear.

If you see some entity running a service with glaring security holes, it does not make sense just to avoid that poor service; it makes equal sense to avoid all the services of this entity. If you are able to spot one glaring hole, there can reasonably be expected to be a hundred other holes you just have not noticed yet from the outside, and those hundred holes can be assumed to be equally on all the services that this sloppy and uncaring entity is developing SW for.