...
LOL. PCI-DSS is pure marketing towards consumers. Look at some of these requirements:
....
Duh.
Most of the requirements are "Duh" common sense. They also require testing, and have audit controls or compensating controls to identify issues early and mitigate them before they become a disaster. (in theory, see how Sony messed up PA-DSS compliance
Sure, I hate PCI-DSS bureaucracy as much as the next person, but the fact remains too many of these vulnerabilities arise from "Duh" stupid stuff they've overlooked. MtGox isn't even trying!
If you adhere to common technical standards and practices (PCI-DSS, OWASP, etc.) you're at least making an effort and protecting against the stupid stuff. Almost none of these exchangers are even doing that basic level of due diligence!