Maybe they "do stuff" with the data, like they've got an internal process to give historical access to the NSA or any random .gov upon request. No need to assume that massive pushback against obvious security improvements could only be ignorance or incompetence. Adding security could throw a wrench in the works if there is a business process or procedure that directly relies on insecurity. If they have a national security letter requiring them to do this, they won't be able to talk about the topic intelligently in public.
Or TLDR your idea would be great if they wanted a secure product, but they may legally be prevented from providing a secure product or even talking about the topic.
Or TLDR your idea would be great if they wanted a secure product, but they may legally be prevented from providing a secure product or even talking about the topic.