Sadly the relevant research shows that while you would like this to be the case, it isn't.
If you'd like to know more, look at the defcon conference videos for the last few years.
Just as a for example, I'll direct you to this article:
There was also a talk this last year that went into the architectural design of the car's network, and showed that in most cases there was no device between the head end unit and the sensitive items in a car, and where there was it wasn't a security device, merely a signal management unit, and the presenter expected to be able to jump it. But again, typically if you get access to the bus, you can talk to anything you want. There was also a lovely bonus bit where they showed you could update the to an arbitrary unsigned firmware due to some sloppiness in the process. (if you cut the power at the right time, the recovery process didn't do the appropriate checks. Once they got in and could analyze the python scripts being used, they discovered if you wrote a specific character (I think D but my memory could be playing tricks on me) to the right sector of the CD, it would bypass the signature checks and just update the firmware.
Engineers are generally smart, but they also tend to design to the specifications. If you don't TELL them to consider an attacker in their designs, they don't.