Lloyds exposed 448,000 customers with a single faulty API update. No hackers, just bad engineering. Here is what every fintech founder should take from it.