
I'm unsure where I stand on this subject, but this excerpt from Jaron Lanier's "You Are Not A Gadget" seems relevant:

"There are respectable academic conferences devoted to methods of violating sanctities of all kinds. The only criterion is that researchers come up with some way of using digital technology to harm innocent people who thought they were safe. ...

"If the same researchers had done something similar without digital technology, they would at the very least have lost their jobs. Suppose they had spent a couple of years and significant funds figuring out how to rig a washing machine to poison clothing in order to (hypothetically) kill a child once dressed."



The threat model is totally different, so the metaphor fails horribly. I could, theoretically, do some horrible thing to a chemical plant, but if I'm going to put that much physical effort into it, driving a truck bomb up to it is way easier. Preventing that attack is infeasibly expensive. So the obscure stuff is hardly relevant anyhow, when the straightforward stuff works fine.

I could, theoretically, hack a medical device to do something horrible... in which case I might be able to kill someone untraceably, from the other side of the country, with no consequences to myself, and possibly dozens or thousands of people at a time, and all it would have taken to protect against this is a programmer adding one line of code that would have checked for the buffer overflow. Or using one of the languages designed with preventing buffer overflows in mind.

It's two things so different that they just aren't comparable. We aren't going to secure our electronic devices by not spending time thinking about how to secure them, and that can not help but manifest as ways to attack them.


Don't people get paid to look for security vulnerabilities in pretty much any engineering field? There are people who work full-time on thinking up ways that a terrorist could potentially rig a chemical plant to release deadly gases, for example.


I suppose there are, but I'm not so sure they have fancy open conferences devoted to chemical plant terrorism.

Like I said, I don't know where I stand.


Would you feel more comfortable if a few smart people figured out the same things and didn't tell anyone about it, but instead used it for profit or to cause harm to innocent people?



