IRS deploys applications knowing they have security issues

Oh great, the IRS knew about the issues yet still deployed the applications.  Those in charge and who approved this should be fired, IMNSHO.  

Putting applications on the network with known vulnerabilities is not a wise decision, regardless of the data contained within.  Given the nature of the data contained within the IRS everything should be triple checked and any issues fixed immediately.  The risk is huge given the data.  

If the data to be protected was email, not having encryption over the wire within the data center might be an acceptable risk.  However given the nature of the data we are talking about here, the data should be encrypted 100% of the time.