Honestly, this could happen at any company, for all the same reasons - in my experience, any workplace that isn't actually, or at least run as if it were, military is rife with subpar physical security.

And I can't claim not to be part of the problem - I'm forever wandering off to get coffee without locking my screen, holding doors for people I kinda think I might recognise... every security sin you can name, I'm guilty of it at some point. And so are you. Yes, you. No, probably not you, Mr. Schneier.



I have an amusing anecdote about the military and password security. I worked with some folks on a base once and everyone used the same keyboard pattern such that if I knew the first character of a password, I knew the whole password. This pattern was openly shared as a way to "remember" otherwise impossible to remember complex passwords.


So do I. Worked at a contractor hosting multiple sensitive/classified document repositories for one of the service branches. One of their attorneys' passwords expired for the document review platform. So this highly-qualified, TS/SCI cleared person accessing sensitive data emailed a bunch of our IT support and PMO distribution lists - basically an unknown number of anonymous third-party personnel - with an angry request to "reset [my] password back to [pass1234]! Right now!"

One thing I learned is that, with the exception of those directly concerned with the firing of weapons in anger, most military personnel don't give a hoot about operational security, and they HATED our IT department who did.


What about the nuclear launch codes being all set to 0000000? https://gizmodo.com/for-20-years-the-nuclear-launch-code-at-...



