Yes, I would say a car that can do anything from centrally provided instructions is inherently more hackable than a car that is disconnected from everything and can't do much more than keep its speed on the highway.
That's fair. But what I see is that the car fleet will head towards OTA no matter what we do.
Forgive me for my cynicism. If you've ever worked with embedded systems... Well the state of consumer security is so bad I'd be shocked if someone hadn't already been killed in this way.
The Bluetooth alone is a nightmarish enough vector already. And local installation is very possible.