Are you kidding?
Yes, some, usually large, companies have very competent engineering teams doing embedded work. Often, they're some of the smartest guys around (although IMHO the Verilog guys are smarter on average... YMMV). Then there are hordes of engineers around them who do most of the integration, grunt work, bug fixing, etc. Their work is usually not thoroughly inspected by the smart guys.
Then you have the thousands of small companies doing embedded development. They usually have one guy who is somewhat competent but needs to be fluent in everything from hardware bring-up to adding a web configuration dialog. These are the guys that do things like try to stick Ubuntu on their ARM board. These guys usually do not have a very comprehensive view of security, and even if they did they don't have the time or the budget to do it right.
If I had a nickel for every company I've worked for who just wanted to integrate off-the-shelf (usually FOSS) components together and ship it as soon as it was barely functional...