"I say find out the people writing this stuff and ask their opinion why they're writing shite?"
Because they have to do as they are told by the requirements, which are defined by the OEM (Vehicle Manufacturer)
The OEM and Supplier's primary focus is safety, security is coming, but it will be 2-3yrs min before any cars on the road have it and for some it will still not be enough.
Security is never perfect, it's a distraction for someone determined enough to get into any system.
It cannot be retrofitted due to the nature in which the vehicles work, it's not just software, the hardware and vehicle bus need to be capable of supporting it. Which once developed requires significant testing at significant cost.
These are not PC's they are Embedded control systems with limited resources and Hard Real Time requirements. They are also developed to a much higher standard than PC apps.
Are they perfect? No, of course not, software is written by humans and they sometimes make mistakes.