I think that it is important (especially to the n00bs) to identify what other information can actually be obtained from such a mistake.
1. The biggest, and most obvious: a username and password were posted on a publicly available web page.
2. You know the username format. So one can safely assume that all other login IDs for that server, if not the company, are in the same format.
3. The password, IMO, wouldn't be considered strong, so one can also assume that that server does not have any password strength testing or auditing tools.
But I have always said that it is alright to make mistakes, as long as you learn from the ones that you do make!
Hopefully people reading this now realise that an error such as this is not as cut-and-dry as disclosing a userid and password. You are also disclosing a lot of other information that a hacker may find useful for their cause.



