In their defense, they didn't start up with a million-dollar budget and man-years of development time. It was a hobby project that got out of hand quickly. Mainstream attention for the exchange has risen so fast. You can't expect the impossible.
I wouldn't exactly assume that the smaller exchanges are doing a better job. They have even fewer resources, and their software has received much less testing. Unfortunately, I am positive that these sites will suffer similar attacks, and some of these attacks will be successful.
If Mt. Gox overcomes this crisis and the resulting bank run (does anyone know if they reinvest their USD accounts?), they might well become the most secure Btc exchange available.
Paypal doesn't get SQL injected every day, nor does Gmail or Facebook.
Just because your site is 'hobbyist' level in regard to user numbers, it doesn't mean you can settle for hobbyist security, especially when money is involved.