Apple isn't responsible for banks' security or lack thereof. Some backs apparently let you activate any card you have the information off of. My credit union (not an employee, just a very happy customer) went live with Apple Pay this morning and it was nothing like the story described. I added my debit card, and the Passbook app popped up a notice that I had to call my CU, including a button to push to dial them. The customer service rep asked for my "phone and chat authorization password", which is a password they required me to set up earlier and is not the same as my banking login password. Then she asked me to describe my most recent debit card purchase and for the name of the company that direct deposits my salary. Only then did she authorize my debit card for Apple Pay.
It was mildly inconvenient in exactly the way I want my banking security to be. It wasn't enough for me to take a picture of some random credit card I'd found. Instead, I had to call my CU and convince an actual human that I'm who I claim to be. It wasn't perfect, sure: she didn't require a DNA sample or a retina scan, but it was vastly more secure than any other debit or credit card transaction I've ever made before.
Some banks (again, not Apple) are playing fast and loose with security for the short term convenience of their users. It sucks in the long term, sure, when the bank lets a thief authorize a stolen debit card and their customer has to get a new one issued, but someone did the math and decided this was a good idea. That's a problem with those banks, though, and not a design flaw in the system. Apple can't do much to improve that unless they wanted to man-in-the-middle security checks between a bank and its customers.