I'm not saying this is what happened, but it's not uncommon for some of the more talented security experts to be compromised themselves. It comes down to that age-old debate of security vs. convenience, and a lot of the time, by human nature, we'll pick convenience. Again, not saying that's what happened here. I'm saying it's very easy to get complacent and make mistakes. For example, I believe Satoshi's email was compromised, despite them being something of a security expert to implement what they did into Bitcoin. Now, I can't remember the specifics so it may have been that Satoshi wasn't at fault, and the company that hosted it was. However, you could argue that's even poor security since they don't own the email, and relied on a third party.
I'm sure some of the details will emerge once they've gotten to the bottom of it, and it's very likely a user error, and not something fundamentally wrong with Bitcoin.