They should have been summarily sacked after the "Not important, it works." line. In many professions, the equivalent attitude would be considered to be criminally negligent.
ANY competent programmer who works with something that talks to a database knows about SQL injection flaws, and anyone who has ever learned anything at all about security knows that injection flaws are consistently number one in the OWASP top ten.