I cant imagine why theyd do that unless Siemens itself is part of this or is under heavy pressure from the German government to cooperate.
The password in question is the database access password use by the SCADA software. It cannot be changed without a software update apparently. Just bad design, not nefarious pressure. From Siemens' website:
The user login and the password for WinCC are freely definable and have nothing to do with access to the internal database. The internal system authentication from WinCC to the Microsoft SQL database is based on pre-defined access data. This data is not visible for the customer and is used as an internal system mechanism for communication between the WinCC system components and the database. Changing the access data would impede communication between WinCC and the database and is therefore not recommended. Tightening up authentication procedures is being examined.
The other thing about this article that I think is wrong is that the certificate stolen from Realtek would have been used to sign software executables to hide them from Windows and from scanning software by making it look like a legitimate driver or application from Realtek.
I suspected as much when I first read the article. Thanks for the confirmation.