Practically speaking, the outsides of envelopes addressed to you are much more like unencrypted HTTP traffic were: Trivial for many people other than sender and receiver to become aware of, therefore it's advisable to not print interesting secrets on the outside of mail in the first place (and indeed, you can just address mail without any front-facing return address or any return address if you don't want a chance of that data leak through any means).
Probably half of people get their mail in an unlocked mailbox that anyone can casually open and peek at before you get home from work. And every postal worker can of course see the information as they handle the mail.
Not saying that's ideal, but just pointing out that this doesn't represent a tremendous loss of privacy.
The errors this article is about are about exactly one person selected basically at random getting to see something not for them. This seems to me about as scandalous as if an engineer looked at the raw traffic on a switch as ASCII text and occasionally sees the contents of a randomly-selected email. Absent the ability to predict and target this... shrug
I don't know if it would be possible to have the ID service at all if one were not tolerant of one in a million times an envelope sticks to another one and ends up in someone else's image file.
Probably half of people get their mail in an unlocked mailbox that anyone can casually open and peek at before you get home from work. And every postal worker can of course see the information as they handle the mail.
Not saying that's ideal, but just pointing out that this doesn't represent a tremendous loss of privacy.