[pipelineist]

> CAN is a very simple, unauthenticated bus. Any device can send a message that every other device on the bus will receive.

True, but in practice messages that are deemed important are secured at higher OSI levels, and the identity of important bus participants is cryptographically checked during vehicle startup.

> The idea of attaching an internet-connected infotainment computer to the same CAN bus as the brakes is absurd. Doing so on a production car, even more so.

Which is why all vehicle architectures I'm familiar with have a bunch of CAN (and other) buses. Maybe it used to be different, and I certainly know only a few bus architectures, but they make a honest attempt at securing the important bits at least.

Industry engineers may not get everything right, but they're not that stupid. Cut them some slack.