Is an unencrypted wallet enough?
Unencrypted wallet does seem a bit harsh, but wouldn't it take more than that? It seems to me that the attacker would have to install a virus or keylogger, and that requires root privileges. I can guess how that happened, but nevertheless these were rather trusting souls.