Well, it seems like the real gotcha in this case is physical security. I recently built a system for a company that holds, encrypts, and decrypts credit card data. The thing is as secure as we can make it, but there are places that, if the hardware was physically compromised, eventually they could get to it. This seems a little extreme -- I mean, you'd need to know your shit prior to stealing it -- but yeah.
I'm just surprised that nobody zero'd the memory before shutting down the machine. Though, I guess if you just unplug it you're done.