All companies that accept credit cards have agreements with the card companies. Penalties for stuff like this start at $500,000 dollars. Technically Apple is required to report incidents like this but they probably do it on an individual account basis thereby avoiding the repercussions.
OUCH.
Well, like mnehring said, it’s obviously the user who’s using iTunes wrong, it’s not Apple’s fault!
I wonder if tomorrow we’ll see a bunch of open Apple headcount recs for IT security experts...;)