> the journalist apparently didn't know a password he was given for files for his own use was being reused to secure a public insurance file
I think he got the file from bittorrent so he knew it was public. Not making an ecrypted archive just for him with a new password was Assange's mistake, no doubt about it, but publishing that password in a book takes it to a whole new level.
The fact that Bittorrent is used for distribution doesn't automatically make a file fully public. But as far as I know the file was provided to the journalist in the equivalent of an FTP /pub folder, not via Bittorrent. But Assange never removed the file afterwards and it eventually got backed up and publically-trawled afterwards somehow.
I think he got the file from bittorrent so he knew it was public. Not making an ecrypted archive just for him with a new password was Assange's mistake, no doubt about it, but publishing that password in a book takes it to a whole new level.