[rhexs]

Because they probably paid some contractor to design it and requesting this as an update would be expensive. Most likely some director doesn't think it's worth the money. Furthermore, the security team / one random guy who is now told to handle security duties after they got that e-mail most likely has an IT background and thinks reverse engineering embedded systems is impossibly difficult.

It would only be done if the press started publishing clickbait involving "THIS TOY IS WATCHING YOUR CHILDREN!!" as most IoT security not done by the top companies is entirely reactive.

Just a guess though. Never worked for Hasbo.