In this case, it's not that simple.
It's an industry issue. Building automation has been changing from a mechanical, trades-based industry, to a data-driven, high-tech one much more rapidly than the workforce.
The majority of controls technicians have little networking knowledge, even less programming knowledge, approaching 0 design knowledge, and absolutely no data and computer systems foundations yet are pretty well versed in the mechanical systems, engineering, electrical subtrades group. To be a good controls tech these days you need a LOT of all those other things and giving a damn about security requires one to understand why it's important. Most techs assume that if there's a password, it's "secure enough" and "not my problem" yet the systems are extremely complex (for good reason). This Niagara issue is primarily a bad-practices issue as the other poster mentioned. The Niagara Framerwork is not DD-WRT or other such network tool, it's much, much more complex than that and properly securing a system requires some study, some planning (this is almost always missing) and some deliberate attempt to understand the many different levels of access permissions that need to be granted to a system depending on the function of the person logging in. Furthermore, even IF the controls tech from the vendor has done the appropriate work to properly secure a system, once it's turned over to the facility and their maintenance, you're relying on the operators who are by no means experts in the field, to continue to administer the system, issue users and access privileges and maintain some kind of access policy. Can Tridium do more? A little, but not a whole lot. You can already use SSL, HTTPS and certificate based security for all your connections if you wished. You can already granulate the access to every single resource in a system. They could make it more obvious to change the platform (OS level) access, but it would only go so far because the likelihood of vendors making that password universal across all sites is very, very high. There are good eggs out there, don't get me wrong, but as usual, the problem isn't the system, it's lack of knowledge.
For all computer, network and design folks out there, if you really want to challenge yourselves and discover a world you've never even considered existed, try the controls and building automation industry. You need to know a lot of different things, know them really really well, but if you do, you'll print your own money.