As someone who knows a little more than nothing about encryption I'd like to point out that even if they'd encrypted these disks you should still have been worried.
This data is going to have significant value for many years. In fact it will only start to make good money for the bad guys in about 3 years, and then onwards for a lifetime, what's that, maybe another 80 years more. If bad guys have got them they'll probably sit on them for a good few years before even starting to use them.
Cryptography is always advancing, and so is the speed of machines. Encryption systems in use today will be broken eventually, they always are. These disks have a significant value, and will continue to do so for a long time. It would be worth the time and money for the bad guys to break the scheme in use. (I now look forward to myriads of posts about how hard it is to crack the current encryption schemes. Yes, currently it is hard, but next year it will be easier, and in ten years: probably trivial.) Considering the governments wherewithal on security, I doubt they would have encrypted it properly anyway, even if they'd tried.
The issue is not the use of CDs, the posting in the mail, or the lack of encryption, the issues are these lunatics thought it OK to send a large quantity of that quality of data about, as it exhibits a monstrous level of cluelessness, and that people so cavalier are even allowed through the gates, never mind given positions of authority.