"but what would you be saying if it was a bomb and it went off because they were taking too long to figure out if it was a threat?"
That's simple: "What a bunch of idiots! They ruled it NOT a threat based on LOOKS!"
How is that fundamentally different again?
" If the Chinese can build in a CPU core that's two generations newer into a product with support for 3 radio standards and a screen that sells for $5 or so more than the Pi, why is Broadcom struggling with an outdated 12-year-old core on a product with no wireless?"
Oh wait! I know this one! Because we're not in China! (You can offer things at an amazing price point when you pay just slightly more than slave labor wages to your employees.)
"But with Linux most contributors, be they individuals or companies, are primarily concerned with their own projects."
Your definition of contributor is skewed. A FOSS contributor may do so in many ways. Clearly a project lead for a major project isn't going to contribute further by analyzing the ecosystem; their plate is full. There are others, also known as contributors, who do this. Other contributors administer project websites or write documentation. There is a whole wide array of types of contributors.
That being said, clearly there are more developers than people doing security audits, and it would be nice to see more contribtors in all the other categories, actually.
"... for those that were stupid enough to think that something electronic and stored in a common format over a common communications medium was secure.
Stupid enough? I hate to break it to you, but most if not all secure systems work in exactly the way you decry to be "stupid". Maybe you've heard of SSL?
Old programmers never die, they just hit account block limit.