How often does any company do a recall for security issues? They seem to be taking the issue at least somewhat seriously.
Looks like the made the classic mistake of assuming users would be sane enough to change the default password.
More like making the classic mistake that consumers are IT professionals. Complaining that users aren't changing the default password is the security version of "you're holding it wrong." If changing the password is important, then it should be a required part of the setup process.