A quick timeline -- kid puts items on plane on day 1, kid e-mails TSA on day 1 and tells them which flights were compromised, and in what way -- SWA employees find items on day 40 (more or less) -- TSA forwards e-mails to FBI on day 41.
Now, tell me about the bureaucratic vulnerability. The test isn't only that something got by the screener. The test is also how the TSA reacts to information. Bureaucratic behavior is predictable, inefficient, and defensive in nature.