The frankly hilarious incompetence with which MtGox has been operating cannot be allowed to continue. Regulation, no matter what some of you seem to think of it, exists for a reason, and it is to prevent things such as this. Had there been accurate reporting, disclosure, meeting of capital requirements, self-regulatory structure and organization, safeguards against market manipulation, and so on, perhaps this all could have been avoided.
I always have a certain degree of skepticism with the label-heavy and fact-free style of posting. Ok, currently Mt. Gox is sticking to their story:
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
Submitting to an audit is an act of regulation. There's no small irony in the fact that what you suggest was the vector of attack. It's not unreasonable that all the regulation you expected would have had precisely the same effect. Why? It's unlikely that the auditor requested usernames and passwords to be visible. The easiest way to provide the data the auditor wanted was simply to give them access to everything.
Assuming Mt. Gox's story is true, what actually caused the problem is likely a simple lack of policy. Passwords don't go to auditors. The idea that somehow all the things you mention would create a strong security policy is adorable in its naivete. If Shostack had a single point in his book The New School of Information Security it would be that only a vanishingly small percentage of data breaches are disclosed. Ergo, there is no possible way you could know - in general - if the kind of regulation you suggest would have had a protective effect.