This actually just sounds like a successful example of agile design...
A subtlety complex feature took a couple sprints to iterate on stakeholder feedback and fully define the business need. The story doesn't seem that bad to me.
In this particular example, the engineer and designer had very little incentive to make it bulletproof (as there was no check), and there was no guarantee that the decision taken were not wrong (ex. not complying to Security Standard XYZ.NNN)
There was no "stakeholder" feedback as there is seldom an owner for these kind of decisions. If PM is the 'stakeholder' then these folks would have asked her "why are you not defining this?"
A subtlety complex feature took a couple sprints to iterate on stakeholder feedback and fully define the business need. The story doesn't seem that bad to me.