Indeed, there was great talk about how secure this one was going to be. Surprise, surprise, there are gaping holes.
It does go to show, though, that there is an issue with industry accepting poorly written/secured software. We've only had 1 customer out of double figures that picked up and commented on the lack of security.
Requesting PEN test results before purchasing would be a good way to negate some problems. Responsibility would be on the manufacturer to ensure it is of a good standard before putting it to the market. You'd also have documented tests/results to then use as a baseline to ensure compliance/security/etc.