Seriously, it's not even an afterthought. I have worked on a publicly funded research project covering smart home and living crap. While some of it may be interesting from a tinkering with stuff point of view, most of it is creepy surveillance type of shit, like smart metering. When I raised the question of security people stared blankly at me for a second or two and suggested that it wasn't a problem at all and if ever will be fixed later, maybe.
My point is, CIOs do not make relevant security decisions when it comes to product design. No one does. It's all about marketability and cost efficiency, security is neither because it is complex and costs a lot of money. And who care? Honestly, who cares about security? It's not the vendors and it's definitely not the consumers who constantly carry their rarely-if-ever-security-updated-listening-in-and-tracking-devices and provide the world with current information about the vacancy of their homes. So again, who cares? Eventually the insurance companies might care, when some cracker remotely burned down a kitchen or flooded a bathroom or two or ten thousand.