It's so easy to hack CANBUS, and I would assume other similar automotive data buses. Personally I have played around a bit with the CANBUS in my two cars. Using an Arduino, a CANBUS shield and some custom software, I can read and write on the CANBUS with full control. In my two vehicles (both Ford Fusions) I have confirmed via wiring diagrams that there are two CAN buses in the vehicle. One is for non-critical elements like locks, windows, radio, climate control, etc., and the other is a higher-speed one for more critical things like engine control, airbag modules, steering angle sensors, transmission, etc.
Now, that design is great, but there are two places where the buses meet. One is the instrument cluster, which is the gateway that passes data between the two buses. This is likely so that things like vehicle speed can be relayed to the stereo unit for adaptive volume control WITHOUT having the head unit have access to the critical systems bus. The other place is the Ford Sync module - bingo, this could be a problem!
What is needed is strict control of what data is allowed to pass between the buses, and which way. Essentially, wherever the buses meet should be thought of as a very strict firewall. The problem is, manufacturers want to be able to add bells and whistles cheaply and easily, so they leave it wide open. In theory this seems okay, but with security, it's always best to have multiple levels of security. It sounds like Chrysler has only one, 'security' by hiding in plain sight. It's exactly the same as putting a PC directly on the internet without a router/firewall. For a while you will be fine because nobody is looking to break in, but eventually they'll figure it out. In this case, with Chrysler's uConnect, they did.
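
The "strict firewall" between the two buses, sketched as an added example (not part of the original comment and not any manufacturer's code): a default-deny gateway check that forwards a frame only if its ID is allowlisted for that direction, has the expected length, and is not arriving faster than its rule permits. The CAN IDs, lengths, rate limits and all names here are constructed placeholders.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum bus { BUS_CRITICAL, BUS_COMFORT };               /* the two buses */
struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist entry: an ID may cross in exactly one direction. */
struct gw_rule {
    uint32_t id;          /* CAN identifier (constructed value) */
    enum bus from, to;    /* the only permitted direction */
    uint8_t  dlc;         /* exact payload length expected */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* when the last frame was forwarded */
    bool     seen;
};

/* Constructed policy; IDs are placeholders, not from any real vehicle. */
static struct gw_rule policy[] = {
    { 0x100, BUS_CRITICAL, BUS_COMFORT, 2,  50, 0, false }, /* vehicle speed out */
    { 0x300, BUS_COMFORT, BUS_CRITICAL, 1, 500, 0, false }, /* hypothetical status byte in */
};

/* Returns true only when a rule matches ID, direction, length and rate. */
bool gw_should_forward(const struct gw_frame *f, enum bus from, enum bus to, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        struct gw_rule *r = &policy[i];
        if (r->id != f->id || r->from != from || r->to != to)
            continue;
        if (f->dlc != r->dlc)
            return false;                 /* malformed for this ID */
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_gap_ms)
            return false;                 /* faster than the rule allows */
        r->seen = true;
        r->last_ms = now_ms;
        return true;
    }
    return false;                         /* default deny: unknown ID or direction */
}

int main(void)
{
    struct gw_frame speed = { 0x100, 2, { 0x12, 0x34 } };
    printf("speed critical->comfort: %d\n", gw_should_forward(&speed, BUS_CRITICAL, BUS_COMFORT, 1000));
    printf("speed comfort->critical: %d\n", gw_should_forward(&speed, BUS_COMFORT, BUS_CRITICAL, 1100));
    return 0;
}
```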