Two points: Why argue about this at all? Securing known-in-advance endpoints isn't impossible. Why not just do it, and stop arguing?
Second: The relevant risk metric isn't "For a given person, is someone going to try to kill them today?" The relevant metric is "For all such remote-controlled implanted devices (including not just "insulin pumps" but any potentially dangerous device) placed in all human beings across the entire lifetime of both the implanted devices and the human beings, what are the odds someone will be attacked via this vulnerability and physically harmed?" to which the answer is trivial: 100%, rounded to the nearest thousandth of a percent.
Don't argue about it, fix it.
(Oh, and narrowing it down to "technically-skilled teenage sociopaths" is cognitively hazardous, even in casual debate. That's not even close to the full threat model and encourages subconscious dismissal of very real threats not sourced from that narrow group.)
Second: The relevant risk metric isn't "For a given person, is someone going to try to kill them today?" The relevant metric is "For all such remote-controlled implanted devices (including not just "insulin pumps" but any potentially dangerous device) placed in all human beings across the entire lifetime of both the implanted devices and the human beings, what are the odds someone will be attacked via this vulnerability and physically harmed?" to which the answer is trivial: 100%, rounded to the nearest thousandth of a percent.
Don't argue about it, fix it.
(Oh, and narrowing it down to "technically-skilled teenage sociopaths" is cognitively hazardous, even in casual debate. That's not even close to the full threat model and encourages subconscious dismissal of very real threats not sourced from that narrow group.)