he clearly says that this is an issue with custum firmware files NOT a sony issue. if you don't use any cfw you are safe. if you download a random cfw from unknown sources you might be not. he only blames sony for not doing another encryption of the information (second security layer) which is common practise
Such sensitive data can now be captured by anyone who builds his own custom firmware with custom certificates. There
are enough n00b-friendly tools by now. Means, little scriptkiddies can spread their little CFWs and phish user data.
As many of these people are using a third party DNS, they are a potential victim of phishing.