The problem is not "why is it not done yet", but more "why is it more urgent than taking care of bitcoin's ability to handle much larger transaction volume"?
That seems like a 1.0 feature to me. Addressing transaction malleability, on the other hand, could fit just fine in the 0.x.x roadmap. Nobody (at least to my knowledge) said anything about fixing it overnight.
I'm not saying Mt. Gox are the good guys here (they clearly screwed up), but shouldn't Gavin Andresen have accepted some responsibility?
Guess who came up with the idea to use the txid for auditing/tracking in the first place ..