Is a password protected PDF file safe for bank statement attachments?

No, the use of a password protected PDF file is simply not good enough for sensitive data.

As others have already stated, newer versions of the PDF standard use much better encryption methods than they originally did; however, a password on a file (even a strong one) will always be susceptible to brute force attacks. At this point you're just hoping their computer is slow enough that by the time they crack your (hopefully strong) password, the information is irrelevant. That's a lot of 'hopefully-s.' Assuming monthly bank statements, and a password under 50 characters, the security of your documents is starting to sound almost laughably naive.

This could also create a security risk in other ways depending on where the bank gets the password. I know of a bank that does something similar to this and uses your account password to encrypt the document, so that you only have to remember one password. This means they are storing your account password on the server. It may be encrypted, and it may not be, but either way it's probably safe to assume that any attacker that manages to break into your bank's server and get a database dump now has your password. There is no excuse for saving passwords as anything but salted hashes (the same bank emails you your password if you forget it... yup, in a plaintext email).

If you can, call your bank and ask them to start sending you your statements encrypted using a public key system. PGP and S/MIME are both great, and will put a bit more security in your hands (it will be your job to protect your private key, not your bank's).

Many banks also provide RSA tokens (or equivalent technology) for relatively cheap. Although there have been some (serious) security breaches with RSA in particular lately, this is still a great addition to your account security if your bank offers it.
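
An added example, not part of the original answer or any bank's code: the salted-hash storage the answer calls for, sketched with Python's standard library. The record format, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string a server would store instead of the password."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Only scheme, cost, salt and digest are kept; none of them is reversible,
    # so the server can neither e-mail the password back nor reuse it later
    # as the password for an encrypted PDF.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a login attempt against a stored record."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    rec_a = make_record(sample)
    rec_b = make_record(sample)
    print(rec_a)
    print("same password, different records:", rec_a != rec_b)
    print("right password accepted:", verify(sample, rec_a))
    print("wrong password accepted:", verify("Tr0ub4dor&3", rec_a))
```

A database dump of such records still allows offline guessing, so the per-account salt and the iteration count only raise the cost of each guess; they do not rescue a weak password.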


I wouldn't even almost trust the security of it even if it didn't have such valuable personal information in it.

The encryption standard Adobe uses for the newest versions is not bad at all as Graham mentioned, but the bigger issue is the actual implementation of it. (Though the implementation in Adobe 8 was actually a bit better even though it was only 128 bit encryption as Adobe themselves even admitted.)

Elcomsoft markets a product specifically for PDF password avoidance (not necessarily retrieval) that works quite well according to tests I've seen by 3rd parties (including CMU).

Combining that fact with the chance that the password itself could be insecure/easily guessable, the fact that it is sent in a predictable fashion to an account that could itself be compromised, and the fact that they store anything about you in it, and that's a recipe for disaster/a new bank/a new policy for them at the very least.


I guess many banks don't consider monthly statements to be very "sensitive data"; as far as I know, lots of banks have rather low bars when it comes to monthly statements.

As others said, I think PDF encryption is not the best,