Could it be so because features sell products, not security (yet)?
If their customers (which are not u) and them feel like security is only a cost and not a selling point then they won't work much on it. After all they already sold those products and have orders for more.
I think security just isn't an instinctive priority in most organizations when it comes to engineering operations. Also I don't blame them for the results very often as they're simply not given time / budget to do so very often.
It's a cultural thing that just hasn't taken hold (normally I hate using "cultural" but it seems to fit here).
