Great points you made. The article said it had to rely on someone taking their work home with them (in many cases, this is simply not allowed at some of the US's national labs...depends on the level of security), implying that Iran has a somewhat lax policy on that.
Further digging around has revealed that there are two main "suspects" for having developed it: us (the USA) or the Israelis. The predominating theory is that the Israelis developed it - there are subtle clues within the program that imply Israel created it (references to dates in time where Israelis died, references to "Myrtus," the Hebrew word for "Esther," etc.).
There is some news coming out that Stuxnet has made its way over to China as well, with China's PR maching adamantly denying both its presence in China as well as its crippling capabilities. Given the correct command, Stuxnet could likely bring China's industries/military/whatever to its knees.
Still, some fascinating stuff going on.