@Elizafox As an IoT programmer, I can ensure you I would love to take the time and effort to design secure devices and test them properly.
Unfortunately, none of my customers ever wants to pay nor wait for that kind of quality. Most IoT products have a short lifespan and companies don't care if a security exploit (or any other kind of bug) is found a year down the line, they'll have already moved on to a new product, with the same flaws.