Lockpicking tools are illegal and yet locksmiths and companies that make locks are allowed to have them. That seems pretty directly analagous; I see no particular reason why we couldn't have licensed and bonded digital security experts/companies.
Bit of a nitpick (and I'm not sure where you live) but lock picks are generally legal in the US. In some areas however they become illegal if they can prove malicious intent.
That's all fine and good if you only take companies and security consultants into account, but I'm not sure it's 100% analogous. What about random hypothetical geeky teenager who wants to contribute security patches to an open source project? I don't think there's a lockpick equivalent to that.
There is an analogy: Locksporting. Groups like Toool and individuals across the world pick and design locks as a hobby, and have shown flaws in high-security designs like Medeco that were later corrected.
