Right, the software is inherently a flaming security risk even if the vendor were perfectly trustworthy and moral.

Well, unless the scenario is moot because such a vendor would never have released it in the first place.