1. Whoever Valve's network admin is, he or she ought to be out of a damned job. This is just unconscionable. 2. The original expoit was via a buffer-overflow in Microsoft Outlook. How many times will people get burned by lousy Windows security before the learn? 3. Gabe Newell can take personal credit for fomenting this disaster. Using an internal machine to e-mail to fan groups, not taking appropriate measures to protect said machine, and waiting too long to take corrective action: bad enough for a home machine, almost criminal in a business enterprise. 4. Valve might be facing millions of dollars in lost sales due to this disaster, and it could very well mean the end of them. Among the source code they lost was stuff they had licensed from other companies. This makes them liable for losing not only their own IP, but other IP they didn't even own. I see lots of litigation coming out of this, especially as it seems Valve was negligent in protecting the sources.
Let this be a lesson, kids. Take security seriously.