It is embarrassing and astonishing that this critical a bug was not caught before the 0.4 release; constructive suggestions on how to improve the testing and release processes that do not assume access to hundreds of thousands of dollars of funds to hire security consultants or QA teams are welcome. Getting sufficient testing of code BEFORE it is released has been a chronic problem for this project.
Don't know who would come up with the money for it, but it wouldn't be hundreds of thousands of dollars: Maybe offer BTC-bounties for bugs found in "official test releases". They probably wouldn't have to be high to motivate people in the bitcoin community to do better testing than is done now.
About coming up with the money: I've had quite some success (although not yet what I hoped for) with collecting donations for a common cause (
https://bitcointalk.org/index.php?topic=51133.0). Maybe enough people would be willing to donate to "bitcoin testing", especially after things like the encryption bug or maybe even more serious stuff happen.