When I read the article in the Washington Post, I decided not to post a link to it, because it was just more "Fear, Uncertainty, and Doubt" being spread by people who didn't really understand the internet or security. I'm happy to report that a blogger, Cory Doctorow, has saved me the trouble of refuting the article and has done it himself.
The nearly point-by-point counter attack covered a lot of bases, including factual errors and a lot of misinterpretations.
In general, it appears that the Washington Post writer had a chat with somebody in the security industry who was looking to feather his nest with some more consulting and didn't bother to contact anyone with more neutral knowledge (like any of us who have been around the net forever).
Most of the "threats" that were "assessed" in the article are no different than those that may come from college campuses (where DHCP-capable networks in libraries are left wide open for anybody to jack into), coin or cash internet kiosks, which require no identification before use, or cable access, which tends to have few restrictions and little logging.
Hats off to Mr. Doctorow for a good counter to the Post's poor article.