Not picking on anyone here, but let me give you a view.
I'm a Linux noob, happy to admit it, and as you all know I work for Microsoft (in enterprise support, nothing to do with this field). I have a couple of devices that are perfect candidates for a Linux build - RPi and RPi2 to name just two. I choose to install a variant (doesn't matter what one, does it?) I don't know enough to do anything intelligent besides setting up the device from a blog/website that I find online. Can I be comfortable that in that out of box state I'm "secure"? Admittedly things on my network are pretty well known to me and the Pi's are not likely to venture outside my network, but what about when my father-in-law comes over with his malware-encrusted PC and connects to the wifi, am I a target then by not having known enough about protecting myself? When I compare that to a Windows device that I can trust to get itself to a known update state, and in a good initial security stance, without thinking about it, I worry about going and buying that next embedded Linux device and connecting it to the network - and I have to hope my TV manufacturer did a good enough job of reducing the attack surface, as that's probably the next thing I'll knowingly buy that has something like this.
The real scary thing is that there's lots of people out there who don't know they have these devices in their home, and as you rightly point out the vendors are mainly about turning a profit on this year's model TV, not in heavily investing in defenses. OK maybe TVs aren't a good example to use since many of those manufacturers intend to be around for a while so are more likely to do the right thing, but the network cameras or the nanny-cam or the PVR or the sprinkler controller, are going to be less worried about their potential for damage.
But back to my scenario for a bit - how do I know? I'm sure a smart person could address some of that - but not me. That means I have some dust collectors (ok again, probably not the only reason they're collecting dust but I choose to use that one at the moment )