
Well, they don't really care about software attacks as much since those don't make them as much money. It's also fairly difficult for a remote hack because everything leaving the console has to go through an IPSEC tunnel to pass cert (at least on the 360).

And you'd be surprised how secure you can get a game console these days from a hardware perspective. For instance, on the 360, all stacks and everything in the hypervisor is encrypted with a per boot random key and hashed as it leaves L2 for main memory. If the hash doesn't match on the way back, the system resets. You're very protected from DMA attacks. Particularly of the kind that's easily reproducible and able to be sold en masse.
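The scheme described in the comment above, modelled as an added example that is not part of the original thread and not the console's actual implementation: a line is encrypted and hashed under a per-boot key when it leaves the cache, and a mismatch on the way back forces a reset. HMAC-SHA256 stands in for the hardware cipher and hash, the on-chip write counter goes beyond what the comment states, and all names (`ProtectedMemory`, `evict`, `fill`, `tamper_is_detected`) are hypothetical.

```python
import hashlib
import hmac
import os

LINE = 64  # cache-line size in bytes (constructed value)

class ResetRequired(Exception):
    """Models the system resetting on a hash mismatch."""

class ProtectedMemory:
    def __init__(self):
        self.key = os.urandom(32)  # per-boot random key, stays on-chip
        self.ram = {}              # untrusted main memory: addr -> ciphertext
        self.meta = {}             # trusted on-chip state: addr -> (counter, tag)

    def _prf(self, label, addr, ctr, data=b""):
        # HMAC-SHA256 stands in for the hardware cipher and hash (assumption).
        msg = label + addr.to_bytes(8, "big") + ctr.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def _xor_pad(self, addr, ctr, data):
        # Keystream bound to address and write counter, so it is never reused.
        pad = self._prf(b"P0", addr, ctr) + self._prf(b"P1", addr, ctr)
        return bytes(d ^ p for d, p in zip(data, pad))

    def evict(self, addr, plaintext):
        """Line leaves L2: encrypt, hash, write ciphertext to RAM."""
        ctr = self.meta.get(addr, (0, b""))[0] + 1
        ct = self._xor_pad(addr, ctr, plaintext.ljust(LINE, b"\0"))
        self.ram[addr] = ct
        self.meta[addr] = (ctr, self._prf(b"TG", addr, ctr, ct))

    def fill(self, addr):
        """Line returns from RAM: verify the hash before decrypting."""
        ctr, tag = self.meta[addr]
        ct = self.ram[addr]
        if not hmac.compare_digest(tag, self._prf(b"TG", addr, ctr, ct)):
            raise ResetRequired(f"hash mismatch at {addr:#x}")
        return self._xor_pad(addr, ctr, ct)

def tamper_is_detected(mem, addr):
    """Flip one bit in untrusted RAM (as a rogue DMA write would) and refill."""
    ct = mem.ram[addr]
    mem.ram[addr] = bytes([ct[0] ^ 1]) + ct[1:]
    try:
        mem.fill(addr)
    except ResetRequired:
        return True
    return False
```

Because the tag covers the address and the write counter, writing back an older ciphertext for the same line fails verification just as a bit flip does.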




The console security was good work. They wisely applied the tech being developed by academics and industry. There's a number of similar tech designed to stop leaks, protect control flow, and so on with crypto in SOC. I can dig up and post some if you'd like.


Yeah, I'd love to read that if it's not too much effort. : )


First that was easier than AEGIS was SP/Bastion:

http://palms.ee.princeton.edu/sp_bastion

SecureME's cloaking was interesting:

https://docs.google.com/file/d/0B1i_Zf52vJctMTA4YTI1MmUtNzdj...

HIDE - an infrastructure for efficiently protecting information leakage on the address bus http://www.cc.gatech.edu/people/home/santosh/papers/asplos20...

Using address independent seed encryption and bonsai Merkle Trees to make secure processors OS- and performance-friendly http://www.ece.ncsu.edu/arpers/Papers/micro07-brian.pdf

Embedded Software Security through Key-Based Control Flow Obfuscation http://engr.case.edu/bhunia_swarup/papers/C/C80.pdf

Memory encryption: Survey of Existing Techniques http://www.thayer.dartmouth.edu/tr/reports/tr13-001.pdf

ASIST - architecture support for instruction set randomization http://www.ics.forth.gr/_publications/papadog-asist-ccs.pdf

Hardware architectures for software security http://scholar.lib.vt.edu/theses/available/etd-10112006-2048...



