saving a Windows domain admin username and password in plain text
I'd be willing to bet if you went deep enough into literally any enterprise/large organisation on the planet, you'd find something equivalent to this.
The trouble with this is that it only becomes known _after_ it has caused a problem. The person or personS who were responsible will never be held to account and in some cases not even known.
As much as these large businesses have thousands of pages of information security policies - getting them working in practice and enforced is a completely different matter.