Vendors upgrading to simply terrible security doesn't mean their customers are protected. After all, why not use the opportunity to sell the Super Security Plus+ version of the existing hardware for a nice fee?
Because the majority of your customers and you yourself sit in the working groups which created that "non-secure version" of the standard.
Either your customer would disagree with the premise of the standard implementation being "insufficiently secure" or your contribution to security should be reviewed as an evolution to the standard.
Result: Security is not being questioned in this realm of commercial discussion.
