The statement "This means, if there are funds in either the rewardAccount or DAOrewardAccount, anyone can move them anywhere." is completely false.
Only the owner of the funds (in this case the DAO itself through a proposal) is able to move the funds. This is ensured by this line:
if (msg.sender != owner || msg.value > 0 || (payOwnerOnly && _recipient != owner))
throw;
msg.sender needs to be the owner, which is the DAO.
The reason why call was used instead of send was to allow for generic contracts receiving the ether. Since this was the responsibility of the receiver himself, this is not a problem. Because of the reentry exploit it becomes a problem, and in this light, of course send should have been used.
So it all comes down to the reentry exploit.
When the code for the DAO was written, we were not aware of this exploit, therefore there are several places in the code where this can be exploited. So this type of bug exists in several places in the DAO code.
But to say it was engineered for failing, because there is one type of bug in the contract, is absurd.
RE: The DAO: A contract engineered for failure.
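
The call-versus-send point in the comment above, as an added example that is not The DAO's code and not the commenter's: a minimal ledger with the reentrant ordering beside two corrected forms. The contract, its functions and the `owed` mapping are hypothetical names, and modern Solidity 0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. All names here are hypothetical.
contract RewardLedger {
    mapping(address => uint256) public owed;

    function deposit() external payable {
        owed[msg.sender] += msg.value;
    }

    // Reentrant ordering: call forwards all remaining gas, and the ledger
    // is cleared only after the call returns. While the recipient's
    // fallback runs, owed[msg.sender] still holds the old amount, so a
    // nested call into this function passes the same check again.
    function withdrawUnsafe() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        owed[msg.sender] = 0;
    }

    // Checks-effects-interactions: clear the debt before handing control
    // to the recipient. A nested call now sees owed == 0 and reverts,
    // regardless of how much gas was forwarded.
    function withdrawSafe() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // The alternative the comment names: send forwards only the 2300-gas
    // stipend, which leaves the recipient's fallback enough gas to log an
    // event but not to make a state-changing nested call.
    function withdrawWithSend() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        bool ok = payable(msg.sender).send(amount);
        require(ok, "send failed");
    }
}
```

The ordering fix in withdrawSafe does not depend on gas limits, so it holds even when the recipient is a generic contract that needs more than the stipend to receive ether.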