umm, oke and?
Rather than blather on first about I happen to feel that experience isnt an excuse, nor is this a WP specific issue (its already been mentioned on 2 other sites).
Ill address your question (again) first:
If valid, what are the methods to block this from happening?
Dont allow backups to sit in publically accessable directories.
Why is that the answer and not something like a robots.txt block on google?
1. Because the people that dont get that those files are publically accessable, wont get what a robots.txt is for any better.
2. Because creating a robots.txt file might actually be more work than not leaving the file(s) on the server.
Its an unfortunate fact that often times Internet life mimics real life -- by that I mean that people that cross the street before looking both ways might get by a car. The same holds true on the 'net -- inexperience, NOT educating yourself, etc.. are not excuses..
Philosophically speaking, we could all do without some of the more stubbornly ignorant web masters that exist right now. It would prolly make the 'net a safer place for those of us left behind.
Besides, youve actually minimized the problem some, as the current practice among most hosts is to assign the same username/passwd combo to everything, ftp, mysql, etc.. So its not just a blog that is at risk, it might be everything.
Ive always said, "Google knows all"