And yet, I'd bet $10 that:
* They know this.
* They are just implementing what their customers demand.
* They accept that allowing direct access in order to obtain performance
at the experience of security is a necessary model in a wide variety of
situations, particularly gaming.
* They don't give a flying crap what a bunch of perceived whining kooks on
NANOG think about that tradeoff. God knows, I wouldn't.
Color me cynical, but I thought the manufacturers did that because a security
issue has the ability to convince non-customers that your product sucks, while
other bugs and upgrades only convince the sheep that already bought the product
that the product is getting Even Better!(tm).....
That could be a factor, but, I know first hand from the legal departments
of at least two software "manufacturers" that it was at least a factor
in the decision, and, they do have concerns about being liable for
damages caused by security flaws in their software.