Yeah but you have the choice to not buy such a product. Do your research as far as is possible and pick the best device that meets your requirements and budget.
I get what you're saying but not sure how much difference it would make, given stuff from supposed experts and big players are being found with enough holes to put a colander to shame, one clearly can't rely on those allegedly skilled in the art to get it right either.
Tricky one. I would hope the sdk has been built by those that understand such issues, and the framework has been properly designed so end users of the sdk don't have to worry about things like security, they can just get on with making stuff safe in the knowledge that the security has already been built in.