There's only a few points to be made for the whole "who is to blame" question, and honestly that isn't very interesting. To me, the thing that is important is that Google could do better. I do not have any of the Nest devices, so I do not have first hand experience. But I think there's a real opportunity when you're a company as big as Google to architect a system that doesn't depend on the user picking a good password to be secure for remote access. I'd suggest that password authentication only be acceptable when connecting from the LAN. From the internet, some other authentication would be required -- either encryption-key based or TFA. Setting up the encryption key on the device could be done while on the LAN (Google could make that part really easy). With an encryption key stored on each device it would allow ease of use when remote and making it significantly harder to hack.

I've worked in in-flight entertainment (IFE). I can say that yes, the hardware is generally shared by multiple airlines. However most Tier-1 airlines will push for, and some will demand completely custom feature sets and UIs for their entertainment systems. The IFE business is about being able to say yes to what the airlines want now, and being able to predict what they want in the future, and delivering it on schedule. The most important (and backwards) thing is that the airlines drive the requirements for these systems, So if the airline says "it was just what was available" then that's false -- if they really didn't want a camera, there wouldn't be a camera. Period. There's a lot of other potential privacy related concerns with in-flight entertainment too. There's various ways to for the IFE system to be able to greet you (especially the premium seat customers) when you arrive and sit down, such as "Hello Mr. X, would you like to request your usual beverage before takeoff?". Know that the airlines want to track what you're watching too -- mostly in aggregate so they can keep the most popular stuff around, but I'm sure it won't take them long to try to personalize that for you too (because, clearly passengers want that, right?). The airlines are all about monetizing IFE systems, just like everything else about flying. Things like forced ads are the beginning. Personalizing the ads to you as a next step.