It is embarrassing and astonishing that this critical a bug was not caught before the 0.4 release; constructive suggestions on how to improve the testing and release processes that do not assume access to hundreds of thousands of dollars of funds to hire security consultants or QA teams are welcome. Getting sufficient testing of code BEFORE it is released has been a chronic problem for this project.
I guess the opaqueness of the wallet data file prevents people from having a poke around and reading it.
Binary formats are efficient for the computer, but they aren't very transparent and actively discourage casual reading by curious users. If the wallet were in XML, JSON or some other text-based format then I guess this would have been immediately obvious to anyone with a text editor and a pair of eyes.