Well, let's look at some key details for this "hack":
1. "CanSecWest organizers will set up the MacBooks with their own access point and all security updates installed, but without additional security software or settings."
2. After nobody was able to successfully complete the task, the rules were then 'relaxed'. This was planned, as they expected failure. The original contest site states: "progressive rules over the three days". In the relaxed set of rules, a URL was provided that exposed Safari to a "specially-constructed Web page" which allowed the hacker to gain shell access to the MacBook. In other words, they continually aided these "hackers" by gradually crippling the machines to a point where no conscientious person would have his system set up.
3. What exactly did he do? The details have yet to be published, and whether or not his "exploit" was malicious or not. Did he have root access? How so, the root user is disabled by default. If he had root, then he would have to have had access on a local level, not from a different machine. He would have also have needed the machine's password in order to activate the root user. The only way to have such information is to have exclusive knowledge of the machine, something your average hacker would not have.
After reading those articles and others related to this story, it would seem that the computer being "hacked", is the SAME computer that is being used by the "hacker"??? Sure, when you relax rules, allow a person to "hack" the very machine they are working on, thus giving them complete and total local access to the machine.... well, suddenly this doesn't seem so sensational or like much of a grand acheivement.
"I can hack my very own Mac, the one sitting in front of me...w00t r0X0rZZZZ!!!!111"
Give me a break.