On balance I like El Reg
But this article is just awful. The quote from Sol Cates clearly demonstrates that he has no idea whatsoever what he's talking about. I doubt there was any "backdoor link" that left the "computer database wide open" (what does this even mean?).
I suspect that the only encryption in place was between client and server via https. The "backdoor link" was most likely an unencrypted database, open to anyone either via a web application vulnerability or via direct access to the database server.
You will also notice that even now, the site does not enforce https. If you go to paymypcn.net you end up on a standard http connection (even though they still display the Verisign Secured logo at the foot of the page). You have to explicitly go to https://paymypcn.net to get an encrypted link.
To try and blame the DVLA for this is disingenuous of PaymyPCN.net. This is just a shite web application full of all the usual holes, and John Leyden should have spotted that whilst blindfolded and with his hands tied behind his back.