The court assumes that bad guys don't already have this knowledge. From decades of experience in IT security we can conclude with near certainty that they do.
Erm, no you can't. Your experience is obviously wrong if you conclude that.
Immobilisers are mandatory in the EU since 1998 because they had an absolutely massive effect on car theft. From el wiki:
Statistics in Australia show that 3 out of 4 vehicle thefts are older cars stolen for joyriding, transport or to commit another crime. Immobilisers are fitted to around 45% of all cars in Australia, but account for only 7% of those cars that are stolen. In many instances where a vehicle fitted with an immobiliser has been stolen, the thief had access to the original key. Only around 1 in 4 stolen vehicles are stolen by professional thieves. The majority of vehicles are stolen by opportunistic thieves relying on finding older vehicles that have ineffective security or none at all.
From this paper
Application of the security device reduced the rate of car theft by an estimated 70 percent in the Netherlands and 80 percent in England and Wales, within ten years
after the regulation went into eect. Based on micro-data on time to recovery of stolen cars for the Netherlands, we nd that the device had a greater impact on theft
for joyriding and temporary transportation than on theft for resale and car parts. The costs per prevented theft equal some 250 Euro for England and Wales and 1,000 Euro for the Netherlands; a fraction of the social benets of a prevented car theft
Obviously, in that timeframe not all immobilisers were secure, as we're now learning that some have exploits (also see the BMW recall). Yet car theft dropped a lot anyway. The only explanation is that "bad guys" (who come in all shapes and sizes) did not have that knowledge, the skills needed to be a car thief not often overlapping with the skills needed to break complex security electronics.