Without going into great detail here, we need to remember that every "command" is actually a separate entity, with different IT personnel, different levels of training and different levels of security interest and capability as well as different internal personnel problems. "Homeland Security from D.C." cannot monitor the *actual* security at every remote or separate command. In fact, nothing of military combat value is really classified below the Division level as far as equipment goes. If you are an officer in a SOF unit, or a major commander,chances are some "enemy" (used to be the Russians, maybe still is, and don't forget the ChiComs) has a more complete folder on you than your own Personnel office does. This is not to say that unit security breaches are not serious, they are of course. One problem with military IT security is the spiderweb of civilian contractors: If just one of them has a link into the mainframe then anyone in that office, or anyone who can tap into that office, may be able to access the data wherever those computers are hooked together by a modem.
And don't forget the disinformation factor; if i am a division commander and there is a hostile across the fence, i just might start sending my subordinates nasty messages about not ordering any ammo and we're clear out of everything, all the tanks and trucks that are broke down and all the soldiers that have gut-wrenching diarrhea and can't even stand up straight, and if the enemy attacked right now we'd just have to wave the white flag.... well, you get the idea.
The only way you are going to get *really* tight security at every computer terminal in the military is to require serious IT-security levels for every IT specialist at the lowest unit level. And as soon as you do that, every qualified E7 in the military will get out and go to work for industry starting at five times the wage he makes in the military after being there for 12 years. So you compartmentalize the serious information and the serious data, the serious systems, and do the best job you can with the other stuff.
Really over-simplified, but you get the idea...

(edit) went to see the site, and it's simply a consolidation of all the jobs you (as a contractor) might bid on from that facility and some others who piggyback on the site. The same info is posted hardcopy all over the planet at publicly available corkboards. Not a bad idea to consolidate the solicitations where everyone with internet savvy can have an equal chance at contract jobs for the military.
Still not an excuse for an improperly configured server...